Tuesday, January 21, 2025
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

trend micro research : apt & targeted attacks

Security TrendMicro 

Pack it Secretly: Earth Preta’s Updated Stealthy Strategies

admin , ,

Credit to Author: Vickie Su| Date: Thu, 23 Mar 2023 00:00:00 +0000

After months of investigation, we found that several undisclosed malware and interesting tools used for exfiltration purposes were being used by Earth Preta. We also observed that the threat actors were actively changing their tools, tactics, and procedures (TTPs) to bypass security solutions. In this blog entry, we will introduce and analyze the other tools and malware used by the threat actor.

Read more
Security TrendMicro 

Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting

admin , , , , , , ,

Credit to Author: Daniel Lunghi| Date: Wed, 01 Mar 2023 00:00:00 +0000

We detail the update that advanced persistent threat (APT) group Iron Tiger made on the custom malware family SysUpdate. In this version, we also found components that enable the malware to compromise Linux systems.

Read more
Security TrendMicro 

Earth Kitsune Delivers New WhiskerSpy Backdoor via Watering Hole Attack

admin , , ,

Credit to Author: Joseph C Chen| Date: Fri, 17 Feb 2023 00:00:00 +0000

We discovered a new backdoor which we have attributed to the advanced persistent threat actor known as Earth Kitsune, which we have covered before. Since 2019, Earth Kitsune has been distributing variants of self-developed backdoors to targets, primarily individuals who are interested in North Korea.

Read more
Security TrendMicro 

Invitation to a Secret Event: Uncovering Earth Yako’s Campaigns

admin , , , , , , ,

Credit to Author: Hara Hiroaki| Date: Thu, 16 Feb 2023 00:00:00 +0000

We detail the intrusion set Earth Yako, attributed to the campaign Operation RestyLink or EneLink. This analysis was presented in full at the JSAC 2023 in January 2023.

Read more
Security TrendMicro 

New APT34 Malware Targets The Middle East

admin , , , , , ,

Credit to Author: Mohamed Fahmy| Date: Thu, 02 Feb 2023 00:00:00 +0000

We analyze an infection campaign targeting organizations in the Middle East for cyberespionage in December 2022 using a new backdoor malware. The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers.

Read more
Security TrendMicro 

Attacking The Supply Chain: Developer

admin , , , , , , ,

Credit to Author: David Fiser| Date: Wed, 25 Jan 2023 00:00:00 +0000

In this proof of concept, we look into one of several attack vectors that can be abused to attack the supply chain: targeting the developer. With a focus on the local integrated developer environment (IDE), this proof considers the execution of malicious build scripts via injecting commands when the project or build is incorrectly “trusted”.

Read more
Security TrendMicro 

Raspberry Robin Malware Targets Telecom, Governments

admin , , , ,

Credit to Author: Christopher So| Date: Tue, 20 Dec 2022 00:00:00 +0000

We found samples of the Raspberry Robin malware spreading in telecommunications and government office systems beginning September. The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing and security analytics tools.

Read more
Security TrendMicro 

Ransomware Business Models: Future Pivots and Trends

admin , , , , , , , , , ,

Credit to Author: Feike Hacquebord| Date: Thu, 15 Dec 2022 00:00:00 +0000

Ransomware groups and their business models are expected to change from what and how we know it to date. In this blog entry, we summarize from some of our insights the triggers that spark the small changes in the short term (“evolutions”) and the bigger deviations (“revolutions”) they can redirect their criminal enterprises to in the long run.

Read more