• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Targeted Attacks

Supply Chain Attack Operation Red Signature Targets South Korean Organizations
  • Posted on:August 21, 2018 at 6:04 am
  • Posted in:Malware, Targeted Attacks
  • Author:
    Trend Micro Cyber Safety Solutions Team
0

Together with our colleagues at IssueMakersLab, we uncovered Operation Red Signature, an information theft-driven supply chain attack targeting organizations in South Korea. We discovered the attacks around the end of July, while the media reported the attack in South Korea on August 6.

The threat actors compromised the update server of a remote support solutions provider to deliver a remote access tool called 9002 RAT to their targets of interest through the update process. They carried this out by first stealing the company’s certificate then using it to sign the malware. They also configured the update server to only deliver malicious files if the client is located in the range of IP addresses of their target organizations.

9002 RAT also installed additional malicious tools: an exploit tool for Internet Information Services (IIS) 6 WebDav (exploiting CVE-2017-7269) and an SQL database password dumper. These tools hint at how the attackers are also after data stored in their target’s web server and database.

Read More
Tags: Operation Red SignatureSouth Koreasupply chain

Blackgear Cyberespionage Campaign Resurfaces, Abuses Social Media for C&C Communication
  • Posted on:July 17, 2018 at 5:01 am
  • Posted in:Targeted Attacks
  • Author:
    Joey Chen (Threats Analyst)
0

Blackgear (also known as Topgear and Comnie) is a cyberespionage campaign dating back to 2008, at least based on the Protux backdoor used by its operators. It targets organizations in Japan, South Korea, and Taiwan, leveling its attacks on public sector agencies and telecommunications and other high-technology industries. In 2016, for instance, we found their campaigns attacking Japanese organizations with various malware tools, notably the Elirks backdoor. Blackgear’s operators are well-organized, developing their own tools, which we observed to have been recently fine-tuned, based on their latest attacks.

Read More
Tags: BLACKGEARComnieManaged Detection and ResponseMaradeProtuxTopgear

New Andariel Reconnaissance Tactics Hint At Next Targets
  • Posted on:July 16, 2018 at 8:10 am
  • Posted in:Bad Sites, Targeted Attacks
  • Author:
    Joseph C Chen (Fraud Researcher)
0

Reconnaissance plays a vital role in criminal operations, and some groups go to great lengths to investigate their targets’ systems. A recent example is the Andariel Group, a known branch of the notorious Lazarus Group. Last month, we tracked new scouting techniques coming from Andariel, used mainly against South Korean targets.

Read More
Tags: Targeted Attack

Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor
  • Posted on:June 14, 2018 at 5:00 am
  • Posted in:Targeted Attacks
  • Author:
    Trend Micro
0

we found a new sample that may be related to the MuddyWater campaign. Like the previous campaigns, these samples again involve a Microsoft Word document embedded with a malicious macro that is capable of executing PowerShell scripts leading to a backdoor payload. One notable difference in the analyzed samples is that they do not directly download the Visual Basic Script and PowerShell component files, and instead encode all the scripts on the document itself.

Read More
Tags: MuddyWaterPowershellPRB-Backdoortargeted attacksWindows Powershell

Confucius Update: New Tools and Techniques, Further Connections with Patchwork
  • Posted on:May 23, 2018 at 5:00 am
  • Posted in:Targeted Attacks
  • Author:
    Trend Micro Cyber Safety Solutions Team
0

We look into the latest tools and techniques used by Confucius, as the threat actor seems to have a new modus operandi, setting up two new websites and new payloads with which to compromise its targets.

Read More
Tags: ConfuciusDelphiHangoverPatchworkTargeted Attack
Page 1 of 5812 › »

Security Predictions for 2018

  • Attackers are banking on network vulnerabilities and inherent weaknesses to facilitate massive malware attacks, IoT hacks, and operational disruptions. The ever-shifting threats and increasingly expanding attack surface will challenge users and enterprises to catch up with their security.
    Read our security predictions for 2018.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • The Need for Managed Detection and Response: Persistent and Prevalent Threats in North America’s Security Landscape
  • New Underminer Exploit Kit Delivers Bootkit and Cryptocurrency-mining Malware with Encrypted TCP Tunnel
  • How Machine Learning Can Help Identify Web Defacement Campaigns
  • Malware Targeting Bitcoin ATMs Pops Up in the Underground
  • Ransomware as a Service Princess Evolution Looking for Affiliates

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.