Python-Based NodeStealer Version Targets Facebook Ads Manager

Credit to Author: Aira Marcelo | Date: Thu, 19 Dec 2024 00:00:00 +0000

In this blog entry, Trend Micro’s Managed XDR team discuss their investigation into how the latest variant of NodeStealer is delivered through spear-phishing attacks, potentially leading to malware execution, data theft, and the exfiltration of sensitive information via Telegram.


Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks

Credit to Author: Feike Hacquebord | Date: Tue, 17 Dec 2024 00:00:00 +0000

APT group Earth Koshchei, suspected to be sponsored by the SVR, executed a large-scale rogue RDP campaign using spear-phishing emails, red team tools, and sophisticated anonymization techniques to target high-profile sectors.


The Road to Agentic AI: Exposed Foundations

Credit to Author: Morton Swimmer | Date: Wed, 04 Dec 2024 00:00:00 +0000

Our research into Retrieval Augmented Generation (RAG) systems uncovered at least 80 unprotected servers. We highlight this problem, which can lead to potential data loss and unauthorized access.


Gafgyt Malware Broadens Its Scope in Recent Attacks

Credit to Author: Sunil Bharti | Date: Tue, 03 Dec 2024 00:00:00 +0000

Our researchers identified threat actors exploiting misconfigured Docker servers to spread the Gafgyt malware. This threat traditionally targets IoT devices; this new tactic signals a change in its behavior.


Gafgyt Malware Targeting Docker Remote API Servers

Credit to Author: Sunil Bharti | Date: Tue, 03 Dec 2024 00:00:00 +0000

Our researchers identified threat actors exploiting misconfigured Docker servers to spread the Gafgyt malware. This threat traditionally targets IoT devices; this new tactic signals a change in its behavior.


Guess Who’s Back – The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024

Credit to Author: Hara Hiroaki | Date: Tue, 26 Nov 2024 00:00:00 +0000

Trend Micro has identified a spear-phishing campaign active in Japan since June 2024. Evidence about the malware used by this campaign suggests this was part of a new operation by Earth Kasha.


Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions

Credit to Author: Leon M Chang | Date: Mon, 25 Nov 2024 00:00:00 +0000

Since 2023, APT group Earth Estries has aggressively targeted key industries globally with sophisticated techniques and new backdoors, like GHOSTSPIDER and MASOL RAT, for prolonged espionage operations.


Spot the Difference: Earth Kasha’s New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella

Credit to Author: Hara Hiroaki | Date: Tue, 19 Nov 2024 00:00:00 +0000

LODEINFO is a malware used in attacks targeting mainly Japan since 2019. Trend Micro has been tracking the group as Earth Kasha. We have identified a new campaign connected to this group with significant updates to their strategy, tactics, and arsenals.


Trend Micro and Japanese Partners Reveal Hidden Connections Among SEO Malware Operations

Credit to Author: Makoto Shimamura | Date: Mon, 11 Nov 2024 00:00:00 +0000

Trend Micro researchers, in collaboration with Japanese authorities, analyzed links between SEO malware families used in SEO poisoning attacks that lead users to fake shopping sites.
