We discussed the re-emergence of banking malware EMOTET in September and how it has adopted a wider scope since it wasn’t picky about the industries it attacks. We recently discovered that EMOTET has a new iteration (detected as TSPY_EMOTET.SMD10) with a few changes in its usual behavior and new routines that allow it to elude…Read More
Microsoft rolled out fixes for over 50 security issues in this month’s Patch Tuesday. The updates cover vulnerabilities and bugs in the Windows operating system, Internet Explorer (IE), Edge, ASP .NET Core, Chakra Core browsing engine, and Microsoft Office. Microsoft also released a security advisory providing defense-in-depth mitigations against attacks abusing the Dynamic Data Exchange (DDE) protocol in light of recent attacks misusing this feature.
Abusing DDE isn’t new, but the method has made a resurgence with reports of cyberespionage and cybercriminal groups such as Pawn Storm, Keyboy, and FIN7 leveraging it to deliver their payloads.Read More
REDBALDKNIGHT, also known as BRONZE BUTLER and Tick, is a cyberespionage group known to target Japanese organizations such as government agencies (including defense) as well as those in biotechnology, electronics manufacturing, and industrial chemistry. Their campaigns employ the Daserf backdoor (detected by Trend Micro as BKDR_DASERF, otherwise known as Muirim and Nioupale) that has four main capabilities: execute shell commands, download and upload data, take screenshots, and log keystrokes.
Our recent telemetry, however, indicates that variants of Daserf were not only used to spy on and steal from Japanese and South Korean targets, but also against Russian, Singaporean, and Chinese enterprises. We also found various versions of Daserf that employ different techniques and use steganography—embedding codes in unexpected mediums or locations (i.e., images)—to conceal themselves better.Read More