Earth Zhulong Familiar Patterns Target Southeast Asian Firms

Earth Zhulong Familiar Patterns Target Southeast Asian Firms

Introduction In 2022, we discovered a hacking group that has been targeting telecom, technology, and media sectors in Southeast Asia since 2020. We track this particular group as Earth Zhulong. We believe that Earth Zhulong is likely related to the Chinese-linked hacking group 1937CN based on similar code in the custom shellcode loader and victimology. In this post, we’ll introduce Earth Zhulong’s new tactics, techniques, and procedures (TTPs) in the recent campaign and the evolution…

Read More

Hijacking Your Bandwidth How Proxyware Apps Open You Up to Risk

Hijacking Your Bandwidth How Proxyware Apps Open You Up to Risk

But is this true? To examine and understand the kind of risks a potential user might be exposed to by joining such programs, we recorded and analyzed network traffic from a large number of exit nodes of several different network bandwidth sharing services (exit nodes are computers who had these network bandwidth sharing services installed).   From January to September 2022, we recorded traffic coming from exit nodes of some of these passive income companies…

Read More

Cloud-ready and Channel-first

Cloud-ready and Channel-first

Trend Micro is a cloud security pioneer. And for over 30 years, we’ve worked hand in hand with the channel to make the digital world a safer place. So we’re delighted to receive more recognition of the value we’re adding for partners and customers with the release of the latest CRN Cloud 100 list. This comes on the heels of another great recognition as Trend Micro was recently awarded the AWS Marketplace Partner of the…

Read More

TgToxic Malware’s Automated Framework Targets Southeast Asia Android Users

TgToxic Malware’s Automated Framework Targets Southeast Asia Android Users

Conclusion Despite having different deployment periods, we found the social media phishing campaigns and network infrastructure targeting Taiwan, Indonesia, and Thailand similar. When the victim downloads the fake app from the website given by the threat actor, or if victim tries to send a direct message to the threat actor through messaging apps such as WhatsApp or Viber, the cybercriminal deceives the user into registering, installing the malware, and enabling the permissions it needs. Once…

Read More

What SOCs Need to Know About Water Dybbuk

What SOCs Need to Know About Water Dybbuk

What SOCs Need to Know About Water Dybbuk Cyber Crime We analyze a BEC campaign targeting large companies around the world that was leveraging open-source tools to stay under the radar. By: Stephen Hilt, Lord Alfred Remorin February 02, 2023 Read time:  ( words) BEC or Business Email Compromise is a significant problem for businesses around the world. According to the Federal Bureau of Investigation (FBI), BEC costs victims more money than ransomware, with an…

Read More

New APT34 Malware Targets The Middle East

New APT34 Malware Targets The Middle East

APT34 Targeting and Arsenal Evolution APT34 has been documented to target organizations worldwide, particularly companies from the financial, government, energy, chemical, and telecommunications industries in the Middle East since at least 2014. Documented as a group primarily involved for cyberespionage, APT34 has been previously recorded targeting government offices and show no signs of stopping with their intrusions. Our continuous monitoring of the group proves it continues to create new and updated tools to minimize the detection…

Read More

New Mimic Ransomware Abuses Everything APIs for its Encryption Process

New Mimic Ransomware Abuses Everything APIs for its Encryption Process

New Mimic Ransomware Abuses Everything APIs for its Encryption Process Ransomware Trend Micro researchers discovered a new ransomware that abuses the APIs of a legitimate tool called Everything, a Windows filename search engine developed by Voidtools that offers quick searching and real-time updates for minimal resource usage. By: Nathaniel Morales, Earle Maui Earnshaw, Don Ovid Ladores, Nick Dai, Nathaniel Gregory Ragasa January 26, 2023 Read time:  ( words) Trend Micro researchers discovered a new ransomware…

Read More

Attacking The Supply Chain: Developer

Attacking The Supply Chain: Developer

In 2021, we published an entry identifying the weak parts of the supply chain security. In the face of the surge in documented attacks, the entry gave a summarized overview of how malicious actors found gaps to abuse and take advantage of for possible gains and disruptions. In this entry, we focus on one specific part of the supply chain: the developers themselves. To find a suitable attack model focusing on the developer, we must…

Read More

Vice Society Ransomware Group Targets Manufacturing Companies

Vice Society Ransomware Group Targets Manufacturing Companies

Vice Society Ransomware Group Targets Manufacturing Companies Ransomware In this blog entry, we’d like to highlight our findings on Vice Society, which includes an end-to-end infection diagram that we were able to create using Trend Micro internal telemetry. By: Ieriz Nicolle Gonzalez, Paul Pajares, Arianne Dela Cruz, Warren Sto.Tomas January 24, 2023 Read time:  ( words) The Vice Society ransomware group made headlines in late 2022 and early 2023 during a spate of attacks against several targets, such as the one…

Read More

“Payzero” Scams and The Evolution of Asset Theft in Web3

“Payzero” Scams and The Evolution of Asset Theft in Web3

“Payzero” Scams and The Evolution of Asset Theft in Web3 Cyber Threats In this entry, we discuss a Web3 fraud scenario where scammers target potential victims via fake smart contracts, and then take over their digital assets, such as NFT tokens, without paying. We named this scam “Payzero”. By: Fyodor Yarochkin, Vladimir Kropotov, Jay Liao January 18, 2023 Read time:  ( words) Web3 is a lucrative emerging technology where many participants seek quick profit via…

Read More
1 3 4 5 6 7 27