TeamTNT Returns – or Does It?

Credit to Author: Sunil Bharti| Date: Wed, 19 Oct 2022 00:00:00 +0000

Our honeypots caught malicious cryptocurrency miner samples targeting the cloud and containers, and its routines are reminiscent of the routines employed by cybercriminal group TeamTNT, which was said to have quit in November 2021. Our investigation shows that another threat actor group, WatchDog, might be mimicking TeamTNT’s arsenal.

Read more

Oil and Gas Cybersecurity: Trends & Response to Survey

Credit to Author: Mayumi Nishimura| Date: Thu, 13 Oct 2022 00:00:00 +0000

Based on our survey of over 900 ICS security leaders in the United States, Germany, and Japan, we dig deeper into each industry’s challenges and present Trend Micro’s recommendations.

Read more

Tracking Earth Aughisky’s Malware and Changes

Credit to Author: CH Lei| Date: Tue, 04 Oct 2022 00:00:00 +0000

For over 10 years, security researchers have been observing and keeping tabs of APT group Earth Aughisky’s malware families and the connections, including previously documented malware that have yet to be attributed.

Read more

Water Labbu Abuses Malicious DApps to Steal Cryptocurrency

Credit to Author: Joseph C Chen| Date: Mon, 03 Oct 2022 00:00:00 +0000

The parasitic Water Labbu capitalizes on the social engineering schemes of other scammers, injecting malicious JavaScript code into their malicious decentralized application websites to steal cryptocurrency.

Read more

Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware

Credit to Author: Sunil Bharti| Date: Wed, 21 Sep 2022 00:00:00 +0000

Users are advised to patch immediately: We found exploit samples abusing the Atlassian Confluence vulnerability (CVE-2022-26134) in the wild for malicious cryptocurrency mining.

Read more

Security Breaks: TeamTNT’s DockerHub Credentials Leak

Credit to Author: Nitesh Surana| Date: Mon, 12 Sep 2022 00:00:00 +0000

One of our honeypots based on exposed Docker REST APIs showed cybercriminal group TeamTNT’s potential attack scenario and leak of container registry credentials for docker-abuse malware. The full version of this research will be presented at the c0c0n XV Hacking and Cyber Security Conference in September 2022.

Read more

Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users

Credit to Author: Daniel Lunghi| Date: Fri, 12 Aug 2022 00:00:00 +0000

We found APT group Iron Tiger’s malware compromising chat application Mimi’s servers in a supply chain attack.

Read more

CopperStealer Distributes Malicious Chromium-based Browser Extension to Steal Cryptocurrencies

Credit to Author: Jaromir Horejsi| Date: Thu, 11 Aug 2022 00:00:00 +0000

We tracked the latest deployment of the group behind CopperStealer, this time stealing cryptocurrencies and users’ wallet account information via a malicious Chromium-based browser extension.

Read more

Facebook’s Metaverse is Expanding the Attack Surface

Credit to Author: William Malik| Date: Mon, 08 Aug 2022 00:00:00 +0000

Understand the cybersecurity risks in the Metaverse

Read more

Conti vs. LockBit: A Comparative Analysis of Ransomware Groups

Credit to Author: Shingo Matsugaya| Date: Mon, 27 Jun 2022 00:00:00 +0000

We compare the targeting and business models of the Conti and LockBit ransomware groups using data analysis approaches. This will be presented in full at the 34th Annual FIRST Conference on June 27, 2022.

Read more