Earth Zhulong: Familiar Patterns Target Vietnam

Credit to Author: Ted Lee | Date: Wed, 08 Feb 2023 00:00:00 +0000

In 2022, we discovered Earth Zhulong, a hacking group that has been targeting Vietnam’s telecom, technology, and media sectors in a manner similar to another well-known threat actor. In this article, we unravel the new tactics, techniques, and procedures the group applies in its operations.

New APT34 Malware Targets The Middle East

Credit to Author: Mohamed Fahmy | Date: Thu, 02 Feb 2023 00:00:00 +0000

We analyze a December 2022 cyberespionage campaign that targeted organizations in the Middle East using a new backdoor malware. The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers.

“Payzero” Scams and The Evolution of Asset Theft in Web3

Credit to Author: Fyodor Yarochkin | Date: Wed, 18 Jan 2023 00:00:00 +0000

In this entry, we discuss a Web3 fraud scenario in which scammers lure potential victims with fake smart contracts and then take over their digital assets, such as NFT tokens, without paying. We named this scam “Payzero”.

Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures

Credit to Author: Peter Girnus | Date: Tue, 17 Jan 2023 00:00:00 +0000

We discovered an active campaign, ongoing since at least mid-2022, that uses Middle Eastern geopolitical-themed lures to distribute NjRAT (also known as Bladabindi) and infect victims across the Middle East and North Africa.

IcedID Botnet Distributors Abuse Google PPC to Distribute Malware

Credit to Author: Ian Kenefick | Date: Fri, 23 Dec 2022 00:00:00 +0000

We analyze the latest changes in the IcedID botnet, observed in a campaign that abuses Google pay-per-click (PPC) ads to distribute IcedID via malvertising.

Detecting Windows AMSI Bypass Techniques

Credit to Author: Jiri Sykora | Date: Wed, 21 Dec 2022 00:00:00 +0000

We look into some of the implementations that cybercriminals use to bypass the Windows Antimalware Scan Interface (AMSI), and how security teams can use Trend Micro Vision One™ to detect threats attempting to abuse it for compromise.

Raspberry Robin Malware Targets Telecom, Governments

Credit to Author: Christopher So | Date: Tue, 20 Dec 2022 00:00:00 +0000

We found samples of the Raspberry Robin malware spreading in telecommunications and government office systems beginning in September. The main payload is packed with more than 10 layers of obfuscation and can deliver a fake payload once it detects sandboxing and security analytics tools.