Trend Micro Research : APT & Targeted Attacks

The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques

The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques 2025-03-31 at 12:23 By The cyberespionage techniques of Earth Alux, a China-linked APT group, are putting critical industries at risk. The attacks, aimed at the APAC and Latin American regions, leverage powerful tools and techniques to remain hidden while stealing sensitive data. […]

React to this headline:

The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques Read More »

CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Research / SecurityTicks

CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks 2025-02-04 at 11:10 By The ZDI team offers an analysis on how CVE-2025-0411, a zero-day vulnerability in 7-Zip, was actively exploited to target Ukrainian organizations in a SmokeLoader campaign involving homoglyph attacks. This article is an excerpt from Trend Micro Research, News and Perspectives View

React to this headline:

CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks Read More »

MITRE ATT&CK 2024 Results for Enterprise Security

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cloud, Trend Micro Research : Endpoints, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Network, Trend Micro Research : Ransomware, Trend Micro Research : Reports / SecurityTicks

MITRE ATT&CK 2024 Results for Enterprise Security 2024-12-11 at 19:18 By Enterprise 2024 will incorporate multiple, smaller emulations for a more nuanced and targeted evaluation of defensive capabilities. We’re excited to offer two distinct adversary focus areas: Ransomware targeting Windows and Linux, and the Democratic People’s Republic of Korea’s targeting macOS. This article is an

React to this headline:

MITRE ATT&CK 2024 Results for Enterprise Security Read More »

MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Threats / SecurityTicks

MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks 2024-12-05 at 09:33 By Trend Micro’s monitoring of the MOONSHINE exploit kit revealed how it’s used by the threat actor Earth Minotaur to exploit Android messaging app vulnerabilities and install the DarkNimbus backdoor for surveillance. This article is an excerpt from Trend Micro Research,

React to this headline:

MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks Read More »

Guess Who’s Back – The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Research / SecurityTicks

Guess Who’s Back – The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024 2024-11-26 at 10:33 By Trend Micro has identified a spear-phishing campaign active in Japan since June 2024. Evidence about the malware used by this campaign suggests this was part of a new operation by Earth Kasha. This article

React to this headline:

Guess Who’s Back – The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024 Read More »

Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Latest News, Trend Micro Research : Research / SecurityTicks

Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions 2024-11-25 at 10:35 By Since 2023, APT group Earth Estries has aggressively targeted key industries globally with sophisticated techniques and new backdoors, like GHOSTSPIDER and MASOL RAT, for prolonged espionage operations. This article is an excerpt from Trend Micro Research, News and Perspectives View Original

React to this headline:

Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions Read More »

Spot the Difference: Earth Kasha’s New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Research / SecurityTicks

Spot the Difference: Earth Kasha’s New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella 2024-11-19 at 11:01 By LODEINFO is a malware used in attacks targeting mainly Japan since 2019. Trend Micro has been tracking the group as Earth Kasha. We have identified a new campaign connected to this group with significant updates

React to this headline:

Spot the Difference: Earth Kasha’s New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella Read More »

Breaking Down Earth Estries’ Persistent TTPs in Prolonged Cyber Operations

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Research / SecurityTicks

Breaking Down Earth Estries’ Persistent TTPs in Prolonged Cyber Operations 2024-11-08 at 02:00 By Discover how Earth Estries employs a diverse set of tactics, techniques, and tools, including malware such as Zingdoor and Snappybee, for its campaigns. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this

React to this headline:

Breaking Down Earth Estries’ Persistent TTPs in Prolonged Cyber Operations Read More »

Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Research / SecurityTicks

Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware 2024-10-14 at 11:48 By Trend Micro researchers have uncovered a surge of malicious activities involving a threat actor group that we track as Water Makara. This group is targeting enterprises in Brazil, deploying banking malware using obfuscated JavaScript to slip past

React to this headline:

Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware Read More »

Earth Simnavaz Levies Advanced Cyberattacks Against UAE and Gulf Regions

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Research / SecurityTicks

Earth Simnavaz Levies Advanced Cyberattacks Against UAE and Gulf Regions 2024-10-11 at 11:02 By Trend Micro’s investigation into the recent activity of Earth Simnavaz provides new insights into the APT group’s evolving tactics and the immediate threat it poses to critical sectors in the UAE. This article is an excerpt from Trend Micro Research, News

React to this headline:

Earth Simnavaz Levies Advanced Cyberattacks Against UAE and Gulf Regions Read More »

Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Phishing / SecurityTicks

Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC 2024-09-19 at 11:47 By We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China. This article is an excerpt from Trend Micro Research, News and Perspectives

React to this headline:

Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC Read More »

TIDRONE Targets Military and Satellite Industries in Taiwan

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Research / SecurityTicks

TIDRONE Targets Military and Satellite Industries in Taiwan 2024-09-06 at 12:49 By Our research reveals that an unidentified threat cluster we named TIDRONE have shown significant interest in military-related industry chains, particularly in the manufacturers of drones. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this

React to this headline:

TIDRONE Targets Military and Satellite Industries in Taiwan Read More »

Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Threats, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool 2024-08-29 at 12:16 By Threat actors are targeting users in the Middle East by distributing sophisticated malware disguised as the Palo Alto GlobalProtect tool. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool Read More »

A Dive into Earth Baku’s Latest Campaign

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

A Dive into Earth Baku’s Latest Campaign 2024-08-09 at 07:16 By Since late 2022, Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. Their latest operations demonstrate sophisticated techniques, such as exploiting public-facing applications like IIS servers for initial access and deploying the Godzilla webshell for command

React to this headline:

A Dive into Earth Baku’s Latest Campaign Read More »

Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework 2024-06-19 at 10:17 By We recently discovered a new threat actor group that we dubbed Void Arachne. This group targets Chinese-speaking users with malicious Windows Installer (MSI) files in a recent campaign. These MSI files contain legitimate software installer files

React to this headline:

Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework Read More »

Decoding Water Sigbin’s Latest Obfuscation Tricks

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cloud, Trend Micro Research : Endpoints, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Reports, Trend Micro Research : Research / SecurityTicks

Decoding Water Sigbin’s Latest Obfuscation Tricks 2024-05-30 at 08:09 By Water Sigbin (aka the 8220 Gang) exploited the Oracle WebLogic vulnerabilities CVE-2017-3506 and CVE-2023-21839 to deploy a cryptocurrency miner using a PowerShell script. The threat actor also adopted new techniques to conceal its activities, making attacks harder to defend against. This article is an excerpt

React to this headline:

Decoding Water Sigbin’s Latest Obfuscation Tricks Read More »

Tracking the Progression of Earth Hundun’s Cyberespionage Campaign in 2024

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Crime, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Tracking the Progression of Earth Hundun’s Cyberespionage Campaign in 2024 2024-05-16 at 10:46 By This report describes how Waterbear and Deuterbear — two of the tools in Earth Hundun’s arsenal — operate, based on a campaign from 2024. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to

React to this headline:

Tracking the Progression of Earth Hundun’s Cyberespionage Campaign in 2024 Read More »

Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Threats, Trend Micro Research : Reports, Trend Micro Research : Research / SecurityTicks

Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks 2024-05-01 at 12:16 By This blog entry aims to highlight the dangers of internet-facing routers and elaborate on Pawn Storm’s exploitation of EdgeRouters, complementing the FBI’s advisory from February 27, 2024. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React

React to this headline:

Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks Read More »

Cyberespionage Group Earth Hundun’s Continuous Refinement of Waterbear and Deuterbear

Cyberespionage Group Earth Hundun’s Continuous Refinement of Waterbear and Deuterbear 2024-04-11 at 13:16 By Our blog entry provides an in-depth analysis of Earth Hundun’s Waterbear and Deuterbear malware. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Cyberespionage Group Earth Hundun’s Continuous Refinement of Waterbear and Deuterbear Read More »

Earth Freybug Uses UNAPIMON for Unhooking Critical APIs

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Research / SecurityTicks

Earth Freybug Uses UNAPIMON for Unhooking Critical APIs 2024-04-02 at 09:01 By This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware we’ve discovered and dubbed UNAPIMON. This article is

React to this headline:

Earth Freybug Uses UNAPIMON for Unhooking Critical APIs Read More »