TeamTNT Returns – or Does It?

Credit to Author: Sunil Bharti | Date: Wed, 19 Oct 2022 00:00:00 +0000

Our honeypots caught malicious cryptocurrency-miner samples targeting cloud and container environments. Their routines are reminiscent of those used by the cybercriminal group TeamTNT, which was said to have quit in November 2021. Our investigation suggests that another threat actor group, WatchDog, might be mimicking TeamTNT’s arsenal.

Black Basta Ransomware Gang Infiltrates Networks via QAKBOT, Brute Ratel, and Cobalt Strike

Credit to Author: Ian Kenefick | Date: Wed, 12 Oct 2022 00:00:00 +0000

We analyzed a QAKBOT-related case leading to a Brute Ratel C4 and Cobalt Strike payload that can be attributed to the threat actors behind the Black Basta ransomware.

How Water Labbu Exploits Electron-Based Applications

Credit to Author: Joseph C Chen | Date: Wed, 05 Oct 2022 00:00:00 +0000

In the second part of our Water Labbu blog series, we explore how the threat actor exploits Electron-based applications using Cobalt Strike to deploy backdoors.

Tracking Earth Aughisky’s Malware and Changes

Credit to Author: CH Lei | Date: Tue, 04 Oct 2022 00:00:00 +0000

For over 10 years, security researchers have been observing and keeping tabs on the malware families of APT group Earth Aughisky and the connections between them, including previously documented malware that has yet to be attributed.

Water Labbu Abuses Malicious DApps to Steal Cryptocurrency

Credit to Author: Joseph C Chen | Date: Mon, 03 Oct 2022 00:00:00 +0000

The parasitic Water Labbu capitalizes on the social engineering schemes of other scammers, injecting malicious JavaScript code into their malicious decentralized application websites to steal cryptocurrency.

Atlassian Confluence Vulnerability CVE-2022-26134 Abused for Cryptocurrency Mining, Other Malware

Credit to Author: Sunil Bharti | Date: Wed, 21 Sep 2022 00:00:00 +0000

Users are advised to patch immediately: We found exploit samples abusing the Atlassian Confluence vulnerability (CVE-2022-26134) in the wild for malicious cryptocurrency mining.

Security Breaks: TeamTNT’s DockerHub Credentials Leak

Credit to Author: Nitesh Surana | Date: Mon, 12 Sep 2022 00:00:00 +0000

One of our honeypots, which exposes Docker REST APIs, recorded a likely attack scenario by the cybercriminal group TeamTNT, including a leak of the container registry credentials used by its Docker-abuse malware. The full version of this research will be presented at the c0c0n XV Hacking and Cyber Security Conference in September 2022.

Tackling the Growing and Evolving Digital Attack Surface: 2022 Midyear Cybersecurity Report

Credit to Author: Trend Micro Research | Date: Wed, 31 Aug 2022 00:00:00 +0000

This blog entry highlights the threats that dominated the first six months of the year, which we discussed in detail in our midyear cybersecurity roundup report, “Defending the Expanding Attack Surface.”

New Golang Ransomware Agenda Customizes Attacks

Credit to Author: Mohamed Fahmy | Date: Thu, 25 Aug 2022 00:00:00 +0000

A new piece of ransomware written in the Go language has been targeting healthcare and education enterprises in Asia and Africa. This ransomware is called Agenda and is customized per victim.

Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users

Credit to Author: Daniel Lunghi | Date: Fri, 12 Aug 2022 00:00:00 +0000

We found that APT group Iron Tiger compromised the servers of the chat application Mimi in a supply chain attack, delivering its malware to Windows, Mac, and Linux users.
