Spot the Difference: Earth Kasha’s New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella

November 19, 2024 at 03:59AM The blog analyzes Earth Kasha’s LODEINFO malware campaign targeting Japan, Taiwan, and India from 2023 to 2024. It highlights updated tactics, techniques, and procedures (TTPs), including exploitation of vulnerabilities in public-facing applications, credential theft, and the use of backdoors such as LODEINFO and NOOPDOOR. The report draws connections with APT10 umbrella activities. …

Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach

October 22, 2024 at 05:46AM Trend Micro researchers report an attack on exposed Docker remote API servers that deploys the SRBMiner cryptominer to mine XRP. The attacker used gRPC over h2c (HTTP/2 without TLS) to bypass security measures, first checked that the Docker API was reachable, then deployed the miner. A Docker remote API reachable over plain TCP without TLS client authentication gives anyone who can connect to it root-equivalent control of the host, so the report stresses hardening Docker daemon configurations. …
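The exposure behind this campaign is a Docker daemon whose remote API listens on TCP without TLS client authentication. The following audit script is an added example, not code from the Trend Micro report; it reads a daemon.json and flags plaintext or unauthenticated TCP listeners. The two sample configurations (a weak one and a hardened one) are constructed for illustration, and the file paths in them are placeholders.

```python
"""Audit a Docker daemon.json for remote API listeners that an attacker on the
network could drive without authentication.

Added example, not Trend Micro's code.  The configurations below are
constructed; the certificate paths are placeholders.
"""
import json
from urllib.parse import urlsplit

# Constructed: the remote API on all interfaces, no TLS at all.  Anyone who can
# reach tcp/2375 can create privileged containers on the host.
WEAK_CONFIG = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})

# Constructed: TCP listener on one interface, mutual TLS required.
HARDENED_CONFIG = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",      # placeholder path
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

LOCAL_SCHEMES = ("unix", "fd", "npipe")   # local-only listeners, not remotely reachable
ALL_INTERFACES = ("0.0.0.0", "::", "")      # "" = no host given; treat as needing review


def audit_daemon_config(text):
    """Return a list of (severity, listener, message) findings for a daemon.json body."""
    cfg = json.loads(text)
    findings = []
    tls = bool(cfg.get("tls", False))
    tlsverify = bool(cfg.get("tlsverify", False))

    for listener in cfg.get("hosts", []):
        url = urlsplit(listener)
        if url.scheme in LOCAL_SCHEMES:
            continue
        if url.scheme != "tcp":
            findings.append(("info", listener, "unrecognised listener scheme; review manually"))
            continue

        host = url.hostname or ""
        if not (tls or tlsverify):
            findings.append(("critical", listener,
                             "plaintext TCP listener: no encryption and no client authentication"))
        elif not tlsverify:
            findings.append(("high", listener,
                             "tls without tlsverify: connections are encrypted but clients are not authenticated"))
        else:
            for key in ("tlscacert", "tlscert", "tlskey"):
                if key not in cfg:
                    findings.append(("high", listener, f"tlsverify set but {key} is missing"))

        if host in ALL_INTERFACES:
            findings.append(("info", listener, "bound to all interfaces (or no host given); restrict the bind address"))

    return findings


def worst_severity(findings):
    """Collapse a findings list to its highest severity, or 'ok' when clean."""
    order = ["ok", "info", "high", "critical"]
    return max((f[0] for f in findings), key=order.index, default="ok")


if __name__ == "__main__":
    for name, body in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit_daemon_config(body)
        print(f"{name}: {worst_severity(result)}")
        for sev, listener, msg in result:
            print(f"  [{sev}] {listener}: {msg}")
```

Note that `tlsverify` implies `tls` in Docker, so the hardened sample does not set `tls` separately. Passing the audit does not by itself stop the h2c trick described in the summary; it removes the unauthenticated listener that makes the trick useful.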

Fake Job Applications Deliver Dangerous More_eggs Malware to HR Professionals

October 2, 2024 at 11:27AM A recent spear-phishing email campaign targeted recruiters using the More_eggs JavaScript backdoor, with actors posing as job applicants to infect systems. The malware, attributed to the Golden Chickens group, enables credential theft and has been linked to several e-crime groups. Trend Micro observed a variation of the campaign utilizing …

MDR in Action: Preventing The More_eggs Backdoor From Hatching

September 30, 2024 at 11:11AM A recruitment officer fell for a sophisticated spear-phishing lure by downloading a malicious file disguised as a resume, resulting in a more_eggs backdoor infection. The Trend Micro MDR team used the Vision One platform to contain the infection and automate threat detection in a campaign associated with the more_eggs malware. …

Evolved Exploits Call for AI-Driven ASRM + XDR

September 27, 2024 at 05:01AM Jon Clay discusses the evolving cyber threats and the need for AI-driven ASRM + XDR to manage these threats effectively. With advanced technologies like AI and GenAI, organizations can now identify and mitigate cyber risks, as well as benefit from automated assistance in cybersecurity tasks. Trend Micro’s Vision One …

Second Pwn2Own Automotive Contest Offers Over $1 Million in Prizes

September 25, 2024 at 07:18AM Ethical hackers can win over $1 million in cash and prizes at Pwn2Own Automotive 2025 in Tokyo, Japan. The competition includes hacking Tesla vehicles, in-vehicle infotainment systems, electric vehicle chargers, and operating systems, with prizes up to $500,000 for demonstrated vulnerabilities. Interested participants can find the full rules and registration …

How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections

September 20, 2024 at 11:25AM The article discusses the Ransomhub ransomware’s use of EDRKillShifter to disable EDR and antivirus protections. Ransomhub also exploits the Zerologon vulnerability (CVE-2020-1472), which lets an unauthenticated attacker reset a domain controller’s machine account password and thereby take control of the domain. The group has attacked various industries, employed spear-phishing, and used the affiliate model. Trend Micro’s Vision One telemetry data aided in uncovering …

Microsoft Says Recent Windows Vulnerability Exploited as Zero-Day

September 16, 2024 at 07:39AM Microsoft identified and addressed the high-severity CVE-2024-43461 security flaw in its September 2024 updates, following its exploitation as a zero-day. This spoofing bug in MSHTML (the Internet Explorer rendering engine still shipped with Windows) can lead to arbitrary code execution when a user interacts with a malicious page or file. It was part of an attack chain exploited by …

Mustang Panda Feeds Worm-Driven USB Attack Strategy

September 10, 2024 at 11:36AM China’s state-sponsored threat actor Mustang Panda is using self-propagating malware spread through USB drives, alongside spear-phishing, to target government entities in the Asia-Pacific region. The group’s tactics have evolved to include new vectors for initial entry, with a focus on specific countries and sectors. Trend Micro researchers advise continuous …

Mustang Panda Deploys Advanced Malware to Spy on Asia-Pacific Governments

September 10, 2024 at 06:03AM Trend Micro has identified Mustang Panda’s advanced malware tactics, including the propagation of PUBLOAD via HIUPAN, targeting government entities in the APAC region. The cybersecurity firm uncovered the group’s use of multi-stage downloaders and abuse of Microsoft’s cloud services for data exfiltration. The threat actor’s evolving strategies are concerning for …