Trend Micro Research : Research

Turning Jenkins Into a Cryptomining Machine From an Attacker’s Perspective

2024-07-05 at 12:02
In this blog entry, we will discuss how the Jenkins Script Console can be weaponized by attackers for cryptomining activity if not configured properly. This article is an excerpt from Trend Micro Research, News and Perspectives.

Mekotio Banking Trojan Threatens Financial Systems in Latin America

2024-07-04 at 12:16
We’ve recently seen a surge in attacks involving the Mekotio banking trojan. In this blog entry, we’ll provide an overview of the trojan and what it does.

Examining Water Sigbin’s Infection Routine Leading to an XMRig Cryptominer

2024-06-28 at 08:31
We analyze the multi-stage loading technique used by Water Sigbin to deliver the PureCrypter loader and the XMRig cryptominer.

ICO Scams Leverage 2024 Olympics to Lure Victims, Use AI for Fake Sites

2024-06-27 at 14:06
In this blog we uncover threat actors using the 2024 Olympics to lure victims into investing in an initial coin offering (ICO). Similar schemes have been found to use AI-generated images for their fake ICO websites.

Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework

2024-06-19 at 10:17
We recently discovered a new threat actor group that we dubbed Void Arachne. This group targets Chinese-speaking users with malicious Windows Installer (MSI) files in a recent campaign. These MSI files contain legitimate software installer files

Noodle RAT: Reviewing the New Backdoor Used by Chinese-Speaking Groups

2024-06-11 at 11:46
This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime.

Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers

2024-06-06 at 11:01
We analyze a cryptojacking attack campaign exploiting exposed Docker remote API servers to deploy cryptocurrency miners, using Docker images from the open-source Commando project.

Decoding Water Sigbin’s Latest Obfuscation Tricks

2024-05-30 at 08:09
Water Sigbin (aka the 8220 Gang) exploited the Oracle WebLogic vulnerabilities CVE-2017-3506 and CVE-2023-21839 to deploy a cryptocurrency miner using a PowerShell script. The threat actor also adopted new techniques to conceal its activities, making attacks harder to defend against.

Tracking the Progression of Earth Hundun’s Cyberespionage Campaign in 2024

2024-05-16 at 10:46
This report describes how Waterbear and Deuterbear — two of the tools in Earth Hundun’s arsenal — operate, based on a campaign from 2024.

Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks

2024-05-01 at 12:16
This blog entry aims to highlight the dangers of internet-facing routers and elaborate on Pawn Storm’s exploitation of EdgeRouters, complementing the FBI’s advisory from February 27, 2024.

The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider

2024-04-18 at 04:16
On April 18, 2024, the UK’s Metropolitan Police Service and others conducted an operation that succeeded in taking down the Phishing-as-a-Service provider LabHost.

Cyberespionage Group Earth Hundun’s Continuous Refinement of Waterbear and Deuterbear

2024-04-11 at 13:16
Our blog entry provides an in-depth analysis of Earth Hundun’s Waterbear and Deuterbear malware.

Unveiling the Fallout: Operation Cronos’ Impact on LockBit Following Landmark Disruption

2024-04-03 at 14:31
Our new article provides key highlights and takeaways from Operation Cronos’ disruption of LockBit’s operations, as well as telemetry details on how LockBit actors operated post-disruption.

Earth Freybug Uses UNAPIMON for Unhooking Critical APIs

2024-04-02 at 09:01
This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware we’ve discovered and dubbed UNAPIMON.

Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script

2024-03-26 at 10:31
This blog entry discusses the Agenda ransomware group’s use of its latest Rust variant to propagate to VMware vCenter and ESXi servers.

Jenkins Args4j CVE-2024-23897: Files Exposed, Code at Risk

2024-03-19 at 10:04
Jenkins, a popular open-source automation server, was discovered to be affected by a file read vulnerability, CVE-2024-23897.

Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks

2024-03-18 at 12:02
Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus on Southeast Asia, but also seen targeting Europe, America, and Africa.

Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO

2024-03-04 at 11:05
The Trend Micro threat hunting team came across an RA World attack involving multistage components designed to ensure maximum impact.

Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections

2024-02-26 at 08:42
During our monitoring of Earth Lusca, we noticed a new campaign that used Chinese-Taiwanese relations as a social engineering lure to infect selected targets.

LockBit Attempts to Stay Afloat With a New Version

2024-02-22 at 10:02
This research is the result of our collaboration with the National Crime Agency in the United Kingdom, who took action against LockBit as part of Operation Cronos, an international effort resulting in the undermining of its operations.