cyber crime

Earth Zhulong Familiar Patterns Target Southeast Asian Firms

Posted on February 8, 2023February 17, 2023 by Admin

Introduction In 2022, we discovered a hacking group that has been targeting telecom, technology, and media sectors in Southeast Asia since 2020. We track this particular group as Earth Zhulong. We believe that Earth Zhulong is likely related to the Chinese-linked hacking group 1937CN based on similar code in the custom shellcode loader and victimology. In this post, we’ll introduce Earth Zhulong’s new tactics, techniques, and procedures (TTPs) in the recent campaign and the evolution…

TgToxic Malware’s Automated Framework Targets Southeast Asia Android Users

Posted on February 3, 2023February 3, 2023 by Admin

Conclusion Despite having different deployment periods, we found the social media phishing campaigns and network infrastructure targeting Taiwan, Indonesia, and Thailand similar. When the victim downloads the fake app from the website given by the threat actor, or if victim tries to send a direct message to the threat actor through messaging apps such as WhatsApp or Viber, the cybercriminal deceives the user into registering, installing the malware, and enabling the permissions it needs. Once…

What SOCs Need to Know About Water Dybbuk

Posted on February 2, 2023February 2, 2023 by Admin

What SOCs Need to Know About Water Dybbuk Cyber Crime We analyze a BEC campaign targeting large companies around the world that was leveraging open-source tools to stay under the radar. By: Stephen Hilt, Lord Alfred Remorin February 02, 2023 Read time: ( words) BEC or Business Email Compromise is a significant problem for businesses around the world. According to the Federal Bureau of Investigation (FBI), BEC costs victims more money than ransomware, with an…

New APT34 Malware Targets The Middle East

Posted on February 2, 2023February 3, 2023 by Admin

APT34 Targeting and Arsenal Evolution APT34 has been documented to target organizations worldwide, particularly companies from the financial, government, energy, chemical, and telecommunications industries in the Middle East since at least 2014. Documented as a group primarily involved for cyberespionage, APT34 has been previously recorded targeting government offices and show no signs of stopping with their intrusions. Our continuous monitoring of the group proves it continues to create new and updated tools to minimize the detection…

Attacking The Supply Chain: Developer

Posted on January 25, 2023January 25, 2023 by Admin

In 2021, we published an entry identifying the weak parts of the supply chain security. In the face of the surge in documented attacks, the entry gave a summarized overview of how malicious actors found gaps to abuse and take advantage of for possible gains and disruptions. In this entry, we focus on one specific part of the supply chain: the developers themselves. To find a suitable attack model focusing on the developer, we must…

“Payzero” Scams and The Evolution of Asset Theft in Web3

Posted on January 18, 2023January 18, 2023 by Admin

“Payzero” Scams and The Evolution of Asset Theft in Web3 Cyber Threats In this entry, we discuss a Web3 fraud scenario where scammers target potential victims via fake smart contracts, and then take over their digital assets, such as NFT tokens, without paying. We named this scam “Payzero”. By: Fyodor Yarochkin, Vladimir Kropotov, Jay Liao January 18, 2023 Read time: ( words) Web3 is a lucrative emerging technology where many participants seek quick profit via…

Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures

Posted on January 17, 2023January 17, 2023 by Admin

Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures Malware We discovered an active campaign ongoing since at least mid-2022 which uses Middle Eastern geopolitical-themed lures to distribute NjRAT (also known as Bladabindi) to infect victims across the Middle East and North Africa. By: Peter Girnus, Aliakbar Zahravi January 17, 2023 Read time: ( words) While threat hunting, we found an active campaign using Middle Eastern geopolitical themes as a lure to target potential…

IcedID Botnet Distributors Abuse Google PPC to Distribute Malware

Posted on December 23, 2022December 23, 2022 by Admin

IcedID Botnet Distributors Abuse Google PPC to Distribute Malware Malware We analyze the latest changes in IcedID botnet from a campaign that abuses Google pay per click (PPC) ads to distribute IcedID via malvertising attacks. By: Ian Kenefick December 23, 2022 Read time: ( words) After closely tracking the activities of the IcedID botnet, we have discovered some significant changes in its distribution methods. Since December 2022, we observed the abuse of Google pay per…

Detecting Windows AMSI Bypass Techniques

Posted on December 21, 2022December 21, 2022 by Admin

Techniques bypassing AMSI were primarily used by security researchers and penetration testers. In recent years, however, cybercriminals have abused this and included the method as a feature in malware routines to evade detection that allowed them to continuously operate in a victim’s computer. Prior to AMSI, detections of fileless threats proved difficult. Previously documented methods used to achieve an AMSI bypass were: Obfuscation and/or encryption PowerShell downgrade Hooks and unhooks Memory patching Forcing an error…

Raspberry Robin Malware Targets Telecom, Governments

Posted on December 20, 2022December 20, 2022 by Admin

We noted layers 3 and 5 as capable of anti-analysis techniques. Meanwhile, we found that not all layers have unique packers. The fourth and seventh layers are identical, as well as the tenth and thirteenth. The packing of the eighth and fourteenth layers are also similar. This repeated use of packers implies that the group is using a separate packing program. We are continuing with our analysis to see if this program is their own…

« 1 2 3 4 … 9 »

Earth Zhulong Familiar Patterns Target Southeast Asian Firms

TgToxic Malware’s Automated Framework Targets Southeast Asia Android Users

What SOCs Need to Know About Water Dybbuk

New APT34 Malware Targets The Middle East

“Payzero” Scams and The Evolution of Asset Theft in Web3

IcedID Botnet Distributors Abuse Google PPC to Distribute Malware

Detecting Windows AMSI Bypass Techniques

Raspberry Robin Malware Targets Telecom, Governments

VMWARE

Helping Public Sector Organisations Define Cloud Strategy

How to change the VLAN ID of the Service Console in ESX from the command line/console

Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations

Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)

vSphere Client Parameters

Configuration Templates

CUE Licenses

Trouble shooting Unity Express with Call Manager Integeration & Operational Issues

CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms

SIP Phone registration – CME Configuration

CUE Voicemail + VPIM networking (CUE to unity)