Credit to Author: Ted Lee| Date: Fri, 09 Aug 2024 00:00:00 +0000
Since late 2022, Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. Their latest operations demonstrate sophisticated techniques, such as exploiting public-facing applications like IIS servers for initial access and deploying the Godzilla webshell for command and control.
Read moreCredit to Author: Jaromir Horejsi| Date: Thu, 01 Aug 2024 00:00:00 +0000
We uncovered a malvertising campaign where the threat actor hijacks social media pages, renames them to mimic popular AI photo editors, then posts malicious links to fake websites.
Read moreCredit to Author: Cj Arsley Mateo| Date: Fri, 19 Jul 2024 00:00:00 +0000
Trend Micro threat hunters discovered that the Play ransomware group has been deploying a new Linux variant that targets ESXi environments. Read our blog entry to know more.
Read moreCredit to Author: Jagir Shastri| Date: Wed, 17 Jul 2024 00:00:00 +0000
We check the OpenSSH vulnerabilities CVE-2024–6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024–6387 in x64 systems.
Read moreCredit to Author: Shubham Singh| Date: Fri, 05 Jul 2024 00:00:00 +0000
In this blog entry, we will discuss how the Jenkins Script Console can be weaponized by attackers for cryptomining activity if not configured properly.
Read moreCredit to Author: Trend Micro Research| Date: Thu, 04 Jul 2024 00:00:00 +0000
We’ve recently seen a surge in attacks involving the Mekotio banking trojan. In this blog entry, we’ll provide an overview of the trojan and what it does.
Read moreCredit to Author: Ahmed Mohamed Ibrahim | Date: Fri, 28 Jun 2024 00:00:00 +0000
We analyze the multi-stage loading technique used by Water Sigbin to deliver the PureCrypter loader and XMRIG crypto miner.
Read moreCredit to Author: Cedric Pernet| Date: Thu, 27 Jun 2024 00:00:00 +0000
In this blog we uncover threat actors using the 2024 Olympics to lure victims into investing in an initial coin offering (ICO). Similar schemes have been found to use AI-generated images for their fake ICO websites.
Read moreCredit to Author: Peter Girnus| Date: Wed, 19 Jun 2024 00:00:00 +0000
We recently discovered a new threat actor group that we dubbed Void Arachne. This group targets Chinese-speaking users with malicious Windows Installer (MSI) files in a recent campaign. These MSI files contain legitimate software installer files for AI software and other popular software but are bundled with malicious Winos payloads.
Read moreCredit to Author: Hara Hiroaki| Date: Tue, 11 Jun 2024 00:00:00 +0000
This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime.
Read more