Earth Freybug Uses UNAPIMON for Unhooking Critical APIs

Credit to Author: Christopher So | Date: Tue, 02 Apr 2024 00:00:00 +0000

This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking, the latter carried out by a newly discovered malware we've dubbed UNAPIMON to prevent child processes from being monitored.

Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks

Credit to Author: Joseph C Chen | Date: Mon, 18 Mar 2024 00:00:00 +0000

Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus on Southeast Asia, though it has also been seen targeting Europe, America, and Africa.

Unveiling Earth Kapre aka RedCurl’s Cyberespionage Tactics With Trend Micro MDR, Threat Intelligence

Credit to Author: Buddy Tancio | Date: Wed, 06 Mar 2024 00:00:00 +0000

This blog entry examines the Trend Micro MDR team's investigation, which successfully uncovered the intrusion sets employed by Earth Kapre in a recent incident, and shows how the team leveraged threat intelligence to attribute the extracted evidence to the cyberespionage threat group.

Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities

Credit to Author: Ian Kenefick | Date: Tue, 27 Feb 2024 00:00:00 +0000

This blog entry gives a detailed analysis of the recent ScreenConnect vulnerabilities. We also discuss our discovery, based on our telemetry, of threat actor groups, including the Black Basta and Bl00dy Ransomware gangs, that are actively exploiting CVE-2024-1708 and CVE-2024-1709.

Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections

Credit to Author: Cedric Pernet | Date: Mon, 26 Feb 2024 00:00:00 +0000

During our monitoring of Earth Lusca, we noticed a new campaign that used Chinese-Taiwanese relations as a social engineering lure to infect selected targets.

Pawn Storm Uses Brute Force and Stealth Against High-Value Targets

Credit to Author: Feike Hacquebord | Date: Wed, 31 Jan 2024 00:00:00 +0000

Based on our estimates, from approximately April 2022 until November 2023, Pawn Storm attempted to launch NTLMv2 hash relay attacks through different methods, with huge peaks in the number of targets and variations in the government departments that it targeted.

Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant

Credit to Author: Feike Hacquebord | Date: Fri, 13 Oct 2023 00:00:00 +0000

Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks to operations with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor.
