• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Author / Trend Micro Cyber Safety Solutions Team

Cyber Safety Solutions Team

Malicious Edge and Chrome Extension Used to Deliver Backdoor
  • Posted on:May 24, 2018
  • Posted in:Malware
  • Posted by:
    Trend Micro Cyber Safety Solutions Team
0

We noticed a series of testing submissions in VirusTotal that apparently came from the same group of malware developers in Moldova, at least based on the filenames and the submissions’ source. It appears they are working on a new malware that — based on how they were coded — is most likely intended to spread through spam emails embedded with malicious attachments.

The downloader malware’s payload is what makes it notable. It delivers a version of the Revisit remote administration tool, which is used to hijack the infected system. More importantly, it also delivers a malicious extension that could serve as a backdoor, stealing information keyed in on browsers.

Read More
Tags: backdoorChromeDLOADREdge

Confucius Update: New Tools and Techniques, Further Connections with Patchwork
  • Posted on:May 23, 2018
  • Posted in:Targeted Attacks
  • Posted by:
    Trend Micro Cyber Safety Solutions Team
0

We look into the latest tools and techniques used by Confucius, as the threat actor seems to have a new modus operandi, setting up two new websites and new payloads with which to compromise its targets.

Read More
Tags: ConfuciusDelphiHangoverPatchworkTargeted Attack

Cryptocurrency Miner Distributed via PHP Weathermap Vulnerability, Targets Linux Servers
  • Posted on:March 21, 2018
  • Posted in:Malware, Vulnerabilities
  • Posted by:
    Trend Micro Cyber Safety Solutions Team
0

Through our incident response-related monitoring, we observed intrusion attempts whose indicators we’ve been able to correlate to a previous cryptocurrency-mining campaign that used the JenkinsMiner malware. The difference: this campaign targets Linux servers. It’s also a classic case of reused vulnerabilities, as it exploits a rather outdated security flaw whose patch has been available for nearly five years.

Feedback from Trend Micro’s Smart Protection Network indicates it’s an active campaign, primarily affecting Japan, Taiwan, China, the U.S., and India.

Read More
Tags: cryptocurrency minerCVE-2013-2618LinuxManaged Detection and ResponseMoneroWeathermap

Deciphering Confucius’ Cyberespionage Operations
  • Posted on:February 13, 2018
  • Posted in:Targeted Attacks
  • Posted by:
    Trend Micro Cyber Safety Solutions Team
0

In today’s online chat and dating scene, romance scams are not uncommon, what with catfishers and West African cybercriminals potently toying with their victims’ emotions to cash in on their bank accounts. It’s quite odd (and probably underreported), however, to see it used as a vector for cyberespionage.

We stumbled upon the Confucius hacking group while delving into Patchwork’s cyberespionage operations, and found a number of similarities. Code in their custom malware bore similarities, for instance. And like Patchwork, Confucius targeted a particular set of individuals in South Asian countries, such as military personnel and businessmen, among others.

Read More
Tags: ConfuciusCVE-2015-1641CVE-2017-11882PatchworkRomance Scam

Untangling the Patchwork Cyberespionage Group
  • Posted on:December 11, 2017
  • Posted in:Targeted Attacks, Vulnerabilities
  • Posted by:
    Trend Micro Cyber Safety Solutions Team
0

Patchwork (also known as Dropping Elephant) is a cyberespionage group known for targeting diplomatic and government agencies that has since added businesses to their list of targets. Patchwork’s moniker is from its notoriety for rehashing off-the-rack tools and malware for its own campaigns. The attack vectors they use may not be groundbreaking—what with other groups exploiting zero-days or adjusting their tactics—but the group’s repertoire of infection vectors and payloads makes them a credible threat.

We trailed Patchwork’s activities over the course of its campaigns in 2017. The diversity of their methods is notable—from the social engineering hooks, attack chains, and backdoors they deployed. They’ve also joined the Dynamic Data Exchange (DDE) and Windows Script Component (SCT) abuse bandwagons and started exploiting recently reported vulnerabilities. These imply they’re at least keeping an eye on other threats and security flaws that they can repurpose for their own ends. Also of note are its attempts to be more cautious and efficient in their operations.

Read More
Tags: Patchworkspear phishingTargeted Attack
Page 1 of 512 › »

Security Predictions for 2018

  • Attackers are banking on network vulnerabilities and inherent weaknesses to facilitate massive malware attacks, IoT hacks, and operational disruptions. The ever-shifting threats and increasingly expanding attack surface will challenge users and enterprises to catch up with their security.
    Read our security predictions for 2018.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • Legitimate Application AnyDesk Bundled with New Ransomware Variant
  • FacexWorm Targets Cryptocurrency Trading Platforms, Abuses Facebook Messenger for Propagation
  • New Phishing Scam uses AES Encryption and Goes After Apple IDs
  • Maikspy Spyware Poses as Adult Game, Targets Windows and Android Users
  • Malicious Traffic in Port 7001 Surges as Cryptominers Target Patched 2017 Oracle WebLogic Vulnerability

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.