Credit to Author: Trend Micro Research| Date: Thu, 18 Apr 2024 00:00:00 +0000
On April 18, 2024, the UK’s Metropolitan Police Service and others conducted an operation that succeeded in taking down the Phishing-as-a-Service provider LabHost.
Read moreCredit to Author: Cyris Tseng| Date: Thu, 11 Apr 2024 00:00:00 +0000
Our blog entry provides an in-depth analysis of Earth Hundun’s Waterbear and Deuterbear malware.
Read moreCredit to Author: Christopher Boyton| Date: Wed, 03 Apr 2024 00:00:00 +0000
Our new article provides key highlights and takeaways from Operation Cronos’ disruption of LockBit’s operations, as well as telemetry details on how LockBit actors operated post-disruption.
Read moreCredit to Author: Christopher So| Date: Tue, 02 Apr 2024 00:00:00 +0000
This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware we’ve discovered and dubbed UNAPIMON.
Read moreCredit to Author: Arianne Dela Cruz| Date: Tue, 26 Mar 2024 00:00:00 +0000
This blog entry discusses the Agenda ransomware group’s use of its latest Rust variant to propagate to VMWare vCenter and ESXi servers.
Read moreCredit to Author: Junestherry Dela Cruz| Date: Tue, 19 Mar 2024 00:00:00 +0000
CVE-2024-27198 and CVE-2024-27199 are vulnerabilities within the TeamCity On-Premises platform that can allow attackers to gain administrative control over affected systems.
Read moreCredit to Author: Arun Shaji| Date: Tue, 19 Mar 2024 00:00:00 +0000
Jenkins, a popular open-source automation server, was discovered to be affected by a file read vulnerability, CVE-2024-23897.
Read moreCredit to Author: Joseph C Chen| Date: Mon, 18 Mar 2024 00:00:00 +0000
Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa.
Read moreCredit to Author: Peter Girnus| Date: Wed, 13 Mar 2024 00:00:00 +0000
In addition to our Water Hydra APT zero day analysis, the Zero Day Initiative (ZDI) observed a DarkGate campaign which we discovered in mid-January 2024 where DarkGate operators exploited CVE-2024-21412.
Read moreCredit to Author: Buddy Tancio| Date: Wed, 06 Mar 2024 00:00:00 +0000
This blog entry will examine Trend Micro MDR team’s investigation that successfully uncovered the intrusion sets employed by Earth Kapre in a recent incident, as well as how the team leveraged threat intelligence to attribute the extracted evidence to the cyberespionage threat group.
Read more