Credit to Author: Pierre Lee| Date: Thu, 16 May 2024 00:00:00 +0000
This report describes how Waterbear and Deuterbear — two of the tools in Earth Hundun’s arsenal — operate, based on a campaign from 2024.
Read moreCredit to Author: Feike Hacquebord| Date: Wed, 01 May 2024 00:00:00 +0000
This blog entry aims to highlight the dangers of internet-facing routers and elaborate on Pawn Storm’s exploitation of EdgeRouters, complementing the FBI’s advisory from February 27, 2024.
Read moreCredit to Author: Cyris Tseng| Date: Thu, 11 Apr 2024 00:00:00 +0000
Our blog entry provides an in-depth analysis of Earth Hundun’s Waterbear and Deuterbear malware.
Read moreCredit to Author: Johnny Krogsboll| Date: Thu, 11 Apr 2024 00:00:00 +0000
Delve into the world of red team exercises, their vital role in enhancing organizational security through simulated cyberattacks, including tactics like phishing and lateral movement within networks, and understand the need for regular testing and improvement to counter evolving threats effectively.
Read moreCredit to Author: Christopher So| Date: Tue, 02 Apr 2024 00:00:00 +0000
This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware we’ve discovered and dubbed UNAPIMON.
Read moreCredit to Author: Joseph C Chen| Date: Mon, 18 Mar 2024 00:00:00 +0000
Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa.
Read moreCredit to Author: Buddy Tancio| Date: Wed, 06 Mar 2024 00:00:00 +0000
This blog entry will examine Trend Micro MDR team’s investigation that successfully uncovered the intrusion sets employed by Earth Kapre in a recent incident, as well as how the team leveraged threat intelligence to attribute the extracted evidence to the cyberespionage threat group.
Read moreCredit to Author: Ian Kenefick| Date: Tue, 27 Feb 2024 00:00:00 +0000
This blog entry gives a detailed analysis of these recent ScreenConnect vulnerabilities. We also discuss our discovery of threat actor groups, including Black Basta and Bl00dy Ransomware gangs, that are actively exploiting CVE-2024-1708 and CVE-2024-1709 based on our telemetry.
Read moreCredit to Author: Cedric Pernet| Date: Mon, 26 Feb 2024 00:00:00 +0000
During our monitoring of Earth Lusca, we noticed a new campaign that used Chinese-Taiwanese relations as a social engineering lure to infect selected targets.
Read moreCredit to Author: Sunny Lu| Date: Tue, 20 Feb 2024 00:00:00 +0000
In this blog entry, we focus on Earth Preta’s campaign that employed a variant of the DOPLUGS malware to target Asian countries.
Read more