Trend Micro

WannaRen Returns as Life Ransomware, Targets India

Unlike its previous version, this new variant dubbed Life ransomware uses a batch file to download and execute WINWORD.exe to perform DLL side-loading and load the ransomware in memory.
November 18, 2022

China-linked Mustang Panda APT Targets Governments Worldwide via Spear-Phishing Attacks

Earth Preta abused fake Google accounts to distribute malware via spear-phishing emails, initially stored in an archive file (such as rar/zip/jar) and distributed through Google Drive links.
November 10, 2022

APT41’s New Subgroup Earth Longzhi Targets East and Southeast Asia

Both campaigns by the group used spear-phishing emails as the primary entry vector to deliver its malware. It embeds the malware in a password-protected archive or shares a link to download it, luring the victim with information about a person.

DeimosC2: What SOC Analysts and Incident Responders Need to Know About This C&C Framework

To date, in the criminal underground, there is not as much discussion around DeimosC2 as an alternative, but attackers might be using DeimosC2 in the near future as a tool of choice and as part of their migration away from Cobalt Strike.

Massive Phishing Campaigns Target India Banks’ Clients with Five Malware Families

Trend Micro researchers observed five banking malware families involved in these attacks targeting bank customers in India, namely Elibomi, FakeReward, AxBanker, IcRAT, and IcSpy.

Threat Actors Target AWS EC2 Workloads to Steal Credentials

Recently, we came across an exploitation attempt leveraging monitoring and visualization tool Weave Scope to enumerate the AWS instance metadata service (IMDS) from EC2 instances through environment variables and the IMDS endpoint.

LV Ransomware Exploits ProxyShell in Attack on a Jordan-based Company

In this incident, the attackers used the double-extortion technique to blackmail their victims, threatening to release allegedly stolen data in addition to encrypting the victim’s files.

Is it TeamTNT Or a Copycat Group?

Recent observations by researchers say a threat group, maybe TeamTNT, has returned. The copycat group is imitating the routines of TeamTNT and has been deploying an XMRig cryptocurrency miner.

Oil and Gas Cybersecurity: Trends & Response to Survey

The survey found that system outages due to cyberattacks averaged 6 days in the oil and gas industry, one day longer than the five days for other industries. In addition, 65% of respondents said that the system stopped for more than four days.

Prevent Ransomware Attacks on Critical Infrastructure

Ransomware attacks on industrial targets continue to rise, accounting for more than half of all malware on industrial endpoints. They have also become highly sophisticated, able to exploit long-unpatched vulnerabilities as well as zero-days.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing, end-to-end automation and 360-degree threat response.
