• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Author / Cedric Pernet (Threat Researcher)

Threat Researcher

Winnti Abuses GitHub for C&C Communications
  • Posted on:March 22, 2017
  • Posted in:Malware, Targeted Attacks
  • Posted by:
    Cedric Pernet (Threat Researcher)
0

Developers constantly need to modify and rework their source codes when releasing new versions of applications or coding projects they create and maintain. This is what makes GitHub—an online repository hosting service that provides version control management—popular. In many ways, it’s like a social networking site for programmers and developers, one that provides a valuable platform for code management, sharing, collaboration, and integration.

GitHub is no stranger to misuse, however. Open-source ransomware projects EDA2 and Hidden Tear—supposedly created for educational purposes—were hosted on GitHub, and have since spawned various offshoots that have been found targeting enterprises. Tools that exploited vulnerabilities in Internet of Things (IoT) devices were also made available on GitHub. Even the Limitless Keylogger, which was used in targeted attacks, was linked to a GitHub project.

Other threat actors have abused GitHub—namely, the Winnti APT group. This time, however, Winnti abused GitHub by turning it into a conduit for the command and control (C&C) communications of their seemingly newfangled backdoor (detected by Trend Micro as BKDR64_WINNTI.ONM).

Read More
Tags: GitHubplugXWinnti

Distrust Breeds Enmity in the French Underground
  • Posted on:September 14, 2016
  • Posted in:Deep Web
  • Posted by:
    Cedric Pernet (Threat Researcher)
0

We now know that most of the murky dealings that French cybercriminals engage in happen in the dark recesses of the Deep Web, specifically in the Dark Web. Every now and then though, cybercriminals would make their presence felt on the Surface Web. A popular cybercriminal marketplace now gone, French Dark Net, for one, was seen recently promoting its offerings on YouTube. We’ve seen similarities between the French as well as the Brazilian and North American underground markets in that they use social media as a platform to promote their illegal business. What sets the French underground apart?

Read More
Tags: French Dark NetFrench underground

The French Dark Net Is Looking for Grammar Police
  • Posted on:September 8, 2016
  • Posted in:Deep Web
  • Posted by:
    Cedric Pernet (Threat Researcher)
0

Ecrivez-vous français parfaitement?

Can you read and write in French? Do you have a keen eye for detail to spot mistakes and correct French spelling and grammar? You may just have a promising career as a cybercriminal; that is if you don’t mind getting paid with stolen goods.

Following our recent discoveries in the French underground, we stumbled across another interesting development—the underground marketplace was looking for a “cleaner” and posted the role with a job description on their forum to find a suitable candidate. Based on the job description, a “cleaner” is a person tasked to clean up content by checking for misspellings and overall readability.

Read More
Tags: cleanerFrench Dark NetFrench underground

When Hackers Hack Each Other—A Staged Affair in the French Underground?
  • Posted on:August 23, 2016
  • Posted in:Deep Web
  • Posted by:
    Cedric Pernet (Threat Researcher)
0

Recently, Trend Micro published a blog post on a new illegal gambling system known as “French Dark Bets (FDB).” FDB is run and hosted by one of the biggest French underground marketplace, the French Dark Net (FDN). This betting system runs entirely on Bitcoins (BTC), which make it easy for cybercriminals to inject and collect money through this platform.

Over the last few weeks, a series of events caught our attention: The FDN and FDB went offline and came back online within a few days, announcing that they were hacked and money was stolen. Following this incident, FDN went back online with changed features.

Read More
Tags: FDBFDNFrench Dark BetFrench Dark NetFrench underground

French Dark Bets: Betting On Euro 2016
  • Posted on:July 12, 2016
  • Posted in:Deep Web
  • Posted by:
    Cedric Pernet (Threat Researcher)
0

While French underground marketplaces are typically located in the “Dark Web”, recently they ventured out onto YouTube to advertise the newest addition to their services: online gambling.

Read More
Tags: FDBFrench Dark BetFrench Dark NetFrench undergroundonline gambling
Page 1 of 212

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.