Spot the Difference: Earth Kasha’s New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella

Credit to Author: Hara Hiroaki| Date: Tue, 19 Nov 2024 00:00:00 +0000

LODEINFO is a malware used in attacks targeting mainly Japan since 2019. Trend Micro has been tracking the group as Earth Kasha. We have identified a new campaign connected to this group with significant updates to their strategy, tactics, and arsenals.

Read more

Breaking Down Earth Estries’ Persistent TTPs in Prolonged Cyber Operations

Credit to Author: Ted Lee| Date: Fri, 08 Nov 2024 00:00:00 +0000

Discover how Earth Estries employs a diverse set of tactics, techniques, and tools, including malware such as Zingdoor and Snappybee, for its campaigns.

Read more

Understanding the Initial Stages of Web Shell and VPN Threats: An MXDR Analysis

Credit to Author: Ryan Maglaque| Date: Thu, 24 Oct 2024 00:00:00 +0000

While cyberattacks that employ web shells and VPN compromise are not particularly novel, they are still prevalent. The recent incidents that Trend Micro MXDR analyzed highlight the importance of behavioral analysis and anomaly detection in security measures.

Read more

Unmasking Prometei: A Deep Dive Into Our MXDR Findings

Credit to Author: Buddy Tancio| Date: Wed, 23 Oct 2024 00:00:00 +0000

How does Prometei insidiously operate in a compromised system? This Managed Extended Detection and Response investigation conducted with the help of Trend Vision One provides a comprehensive analysis of the inner workings of this botnet so users can stop the threat in its tracks before it inflicts damage to the system.

Read more

Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware

Credit to Author: Charles Adrian Marty| Date: Mon, 14 Oct 2024 00:00:00 +0000

Trend Micro researchers have uncovered a surge of malicious activities involving a threat actor group that we track as Water Makara. This group is targeting enterprises in Brazil, deploying banking malware using obfuscated JavaScript to slip past security defenses.

Read more

Cybersecurity Compass: Bridging the Communication Gap

Credit to Author: Juan Pablo Castro| Date: Thu, 26 Sep 2024 00:00:00 +0000

Discover how to use the Cybersecurity Compass to foster effective conversations about cybersecurity strategy between non-technical and technical audiences, focusing on the phases of before, during, and after a breach.

Read more

How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections

Credit to Author: Kyle Philippe Yu| Date: Fri, 20 Sep 2024 00:00:00 +0000

Trend Micro tracked this group as Water Bakunawa, behind the RansomHub ransomware, employs various anti-EDR techniques to play a high-stakes game of hide and seek with security solutions.

Read more

TIDRONE Targets Military and Satellite Industries in Taiwan

Credit to Author: Pierre Lee| Date: Fri, 06 Sep 2024 00:00:00 +0000

Our research reveals that an unidentified threat cluster we named TIDRONE have shown significant interest in military-related industry chains, particularly in the manufacturers of drones.

Read more

Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool

Credit to Author: Mohamed Fahmy| Date: Thu, 29 Aug 2024 00:00:00 +0000

Threat actors are targeting users in the Middle East by distributing sophisticated malware disguised as the Palo Alto GlobalProtect tool.

Read more