Fake LockBit, Real Damage: Ransomware Samples Abuse Amazon S3 to Steal Data

Credit to Author: Jaromir Horejsi| Date: Wed, 16 Oct 2024 00:00:00 +0000

This article uncovers a Golang ransomware abusing Amazon S3 for data theft, and masking as LockBit to further pressure victims. The discovery of hard-coded AWS credentials in these samples led to AWS account suspensions.

Read more

Attacker Abuses Victim Resources to Reap Rewards from Titan Network

Credit to Author: Ranga Duraisamy| Date: Wed, 30 Oct 2024 00:00:00 +0000

In this blog entry, we discuss how an attacker took advantage of the Atlassian Confluence vulnerability CVE-2023-22527 to connect servers to the Titan Network for cryptomining purposes.

Read more

Understanding the Initial Stages of Web Shell and VPN Threats: An MXDR Analysis

Credit to Author: Ryan Maglaque| Date: Thu, 24 Oct 2024 00:00:00 +0000

While cyberattacks that employ web shells and VPN compromise are not particularly novel, they are still prevalent. The recent incidents that Trend Micro MXDR analyzed highlight the importance of behavioral analysis and anomaly detection in security measures.

Read more

Unmasking Prometei: A Deep Dive Into Our MXDR Findings

Credit to Author: Buddy Tancio| Date: Wed, 23 Oct 2024 00:00:00 +0000

How does Prometei insidiously operate in a compromised system? This Managed Extended Detection and Response investigation conducted with the help of Trend Vision One provides a comprehensive analysis of the inner workings of this botnet so users can stop the threat in its tracks before it inflicts damage to the system.

Read more

Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against Middle East

Credit to Author: Mohamed Fahmy| Date: Fri, 11 Oct 2024 00:00:00 +0000

Trend Micro’s investigation into the recent activity of Earth Simnavaz provides new insights into the APT group’s evolving tactics and the immediate threat it poses to sectors in the Middle East.

Read more

Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data

Credit to Author: Jaromir Horejsi| Date: Wed, 16 Oct 2024 00:00:00 +0000

This article uncovers a Golang ransomware abusing AWS S3 for data theft, and masking as LockBit to further pressure victims. The discovery of hard-coded AWS credentials in these samples led to AWS account suspensions.

Read more

Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions

Credit to Author: Jacob Santos| Date: Tue, 15 Oct 2024 00:00:00 +0000

Trend Micro’s Threat Hunting Team discovered EDRSilencer, a red team tool that threat actors are attempting to abuse for its ability to block EDR traffic and conceal malicious activity.

Read more

Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware

Credit to Author: Charles Adrian Marty| Date: Mon, 14 Oct 2024 00:00:00 +0000

Trend Micro researchers have uncovered a surge of malicious activities involving a threat actor group that we track as Water Makara. This group is targeting enterprises in Brazil, deploying banking malware using obfuscated JavaScript to slip past security defenses.

Read more

Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against UAE and Gulf Regions

Credit to Author: Mohamed Fahmy| Date: Fri, 11 Oct 2024 00:00:00 +0000

Trend Micro’s investigation into the recent activity of Earth Simnavaz provides new insights into the APT group’s evolving tactics and the immediate threat it poses to critical sectors in the UAE.

Read more