Trend Micro Research : Articles, News, Reports

ALPHV/BlackCat Take Extortion Public

ALPHV/BlackCat Take Extortion Public 17/11/2023 at 21:47 By Learn more about ALPHV filing a complaint with the Security and Exchange Commission (SEC) against their victim, which appears to be an attempt to influence MeridianLink to pay the ransom sooner than later. This article is an excerpt from Trend Micro Research, News and Perspectives View Original […]

ALPHV/BlackCat Take Extortion Public Read More »

Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518

Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518 10/11/2023 at 13:18 By We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518 Read More »

Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting

Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting 09/11/2023 at 12:01 By We analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session cookies. This article is an excerpt from

Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting Read More »

Zero Day Threat Protection for Your Network

Zero Day Threat Protection for Your Network 06/11/2023 at 11:32 By Explore the world of zero day threats and gain valuable insight into the importance of proactive detection and remediation. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

Zero Day Threat Protection for Your Network Read More »

How Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate Cybercrime

How Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate Cybercrime 27/10/2023 at 12:50 By This report explores the Kopeechka service and gives a detailed technical analysis of the service’s features and capabilities and how it can help cybercriminals to achieve their goals. This article is an excerpt from Trend Micro Research, News and

How Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate Cybercrime Read More »

Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores

Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores 24/10/2023 at 06:43 By In the second part of this series, we will examine how attackers can trigger vulnerabilities by sending control messages masquerading as user traffic to cross over from user plane to control plane. This article is an excerpt from Trend

Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores Read More »

Beware: Lumma Stealer Distributed via Discord CDN

Beware: Lumma Stealer Distributed via Discord CDN 16/10/2023 at 11:31 By This blog discusses how threat actors abuse Discord’s content delivery network (CDN) to host and spread Lumma Stealer, and talks about added capabilities to the information stealing malware. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

Beware: Lumma Stealer Distributed via Discord CDN Read More »

Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant

Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant 13/10/2023 at 11:02 By Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor. This article is an excerpt from Trend Micro Research, News

Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant Read More »

Exposing Infection Techniques Across Supply Chains and Codebases

Exposing Infection Techniques Across Supply Chains and Codebases 05/10/2023 at 12:47 By This entry delves into threat actors’ intricate methods to implant malicious payloads within seemingly legitimate applications and codebases. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

Exposing Infection Techniques Across Supply Chains and Codebases Read More »

APT34 Deploys Phishing Attack With New Malware

APT34 Deploys Phishing Attack With New Malware 29/09/2023 at 12:17 By We observed and tracked the advanced persistent threat (APT) APT34 group with a new malware variant accompanying a phishing attack comparatively similar to the SideTwist backdoor malware. Following the campaign, the group abused a fake license registration form of an African government agency to

APT34 Deploys Phishing Attack With New Malware Read More »

Examining the Activities of the Turla APT Group

Examining the Activities of the Turla APT Group 22/09/2023 at 13:02 By We examine the campaigns of the cyberespionage group known as Turla over the years, with a special focus on the key MITRE techniques and the corresponding IDs associated with the threat actor group. This article is an excerpt from Trend Micro Research, News

Examining the Activities of the Turla APT Group Read More »

Cybercriminals Exploit the Moroccan Tragedy in New Scam Campaign

Cybercriminals Exploit the Moroccan Tragedy in New Scam Campaign 21/09/2023 at 20:01 By This blog entry details a scheme that exploits the recent Morocco earthquake by impersonating the domain name of a well-known humanitarian organization for financial fraud. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

Cybercriminals Exploit the Moroccan Tragedy in New Scam Campaign Read More »

Attacks on 5G Infrastructure From Users’ Devices

Attacks on 5G Infrastructure From Users’ Devices 20/09/2023 at 11:03 By Crafted packets from cellular devices such as mobile phones can exploit faulty state machines in the 5G core to attack cellular infrastructure. Smart devices that critical industries such as defense, utilities, and the medical sectors use for their daily operations depend on the speed,

Attacks on 5G Infrastructure From Users’ Devices Read More »

Unsung Hero in Cyber Risk Management

Unsung Hero in Cyber Risk Management 19/09/2023 at 20:49 By Behind the scenes of the world of vulnerability intelligence and threat hunting This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

Unsung Hero in Cyber Risk Management Read More »

Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement

Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement 18/09/2023 at 14:32 By While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor’s server — a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we’ve dubbed SprySOCKS due to its swift behavior and

Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement Read More »

RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware

RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware 13/09/2023 at 14:01 By In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware Read More »

TrickBot & Conti Sanctions: Implications for CISOs & Boardrooms

TrickBot & Conti Sanctions: Implications for CISOs & Boardrooms 09/09/2023 at 01:01 By Discover what the increased regulatory risk due to recent US and UK sanctions imposed on TrickBot and Conti cybercriminals mean for CISOs and board members. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

TrickBot & Conti Sanctions: Implications for CISOs & Boardrooms Read More »

Analyzing a Facebook Profile Stealer Written in Node.js

Analyzing a Facebook Profile Stealer Written in Node.js 05/09/2023 at 12:33 By We analyze an information stealer written in Node.js, packaged into an executable, exfiltrated stolen data via both Telegram bot API and a C&C server, and employed GraphQL as a channel for C&C communication. This article is an excerpt from Trend Micro Research, News

Analyzing a Facebook Profile Stealer Written in Node.js Read More »

Revisiting 16shop Phishing Kit, Trend-Interpol Partnership

Revisiting 16shop Phishing Kit, Trend-Interpol Partnership 01/09/2023 at 12:04 By In this entry, we summarize the security analyses and investigations done on phishing-as-a-service 16shop through the years. We also outline the partnership between Trend Micro and Interpol in taking down the main administrators and servers of this massive phishing campaign. This article is an excerpt

Revisiting 16shop Phishing Kit, Trend-Interpol Partnership Read More »

Earth Estries Targets Government, Tech for Cyberespionage

Earth Estries Targets Government, Tech for Cyberespionage 30/08/2023 at 12:46 By We break down a new cyberespionage campaign deployed by a cybercriminal group we named Earth Estries. Analyzing the tactics, techniques, and procedures (TTPs) employed, we observed overlaps with the advanced persistent threat (APT) group FamousSparrow as Earth Estries targets governments and organizations in the

Earth Estries Targets Government, Tech for Cyberespionage Read More »

Scroll to Top