Credit to Author: Hara Hiroaki| Date: Tue, 11 Jun 2024 00:00:00 +0000
This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime.
Read moreCredit to Author: Sunil Bharti| Date: Thu, 06 Jun 2024 00:00:00 +0000
We analyze a cryptojacking attack campaign exploiting exposed Docker remote API servers to deploy cryptocurrency miners, using Docker images from the open-source Commando project.
Read moreCredit to Author: Sunil Bharti| Date: Thu, 30 May 2024 00:00:00 +0000
Water Sigbin (aka the 8220 Gang) exploited the Oracle WebLogic vulnerabilities CVE-2017-3506 and CVE-2023-21839 to deploy a cryptocurrency miner using a PowerShell script. The threat actor also adopted new techniques to conceal its activities, making attacks harder to defend against.
Read moreCredit to Author: Pierre Lee| Date: Thu, 16 May 2024 00:00:00 +0000
This report describes how Waterbear and Deuterbear — two of the tools in Earth Hundun’s arsenal — operate, based on a campaign from 2024.
Read moreCredit to Author: Feike Hacquebord| Date: Wed, 01 May 2024 00:00:00 +0000
This blog entry aims to highlight the dangers of internet-facing routers and elaborate on Pawn Storm’s exploitation of EdgeRouters, complementing the FBI’s advisory from February 27, 2024.
Read moreCredit to Author: Trend Micro Research| Date: Thu, 18 Apr 2024 00:00:00 +0000
On April 18, 2024, the UK’s Metropolitan Police Service and others conducted an operation that succeeded in taking down the Phishing-as-a-Service provider LabHost.
Read moreCredit to Author: Cyris Tseng| Date: Thu, 11 Apr 2024 00:00:00 +0000
Our blog entry provides an in-depth analysis of Earth Hundun’s Waterbear and Deuterbear malware.
Read moreCredit to Author: Christopher Boyton| Date: Wed, 03 Apr 2024 00:00:00 +0000
Our new article provides key highlights and takeaways from Operation Cronos’ disruption of LockBit’s operations, as well as telemetry details on how LockBit actors operated post-disruption.
Read moreCredit to Author: Christopher So| Date: Tue, 02 Apr 2024 00:00:00 +0000
This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware we’ve discovered and dubbed UNAPIMON.
Read moreCredit to Author: Arianne Dela Cruz| Date: Tue, 26 Mar 2024 00:00:00 +0000
This blog entry discusses the Agenda ransomware group’s use of its latest Rust variant to propagate to VMWare vCenter and ESXi servers.
Read more