The threat group APT33 is known to target the oil and aviation industries aggressively. Our recent findings show that the group uses about a dozen live Command and Control (C&C) servers for extremely narrow targeted malware campaigns against organizations in the Middle East, the U.S., and Asia.
Read More
We found cyberespionage group TICK targeting critical systems and enterprises, attempting to steal information to benefit this APT group’s sponsor. In this research brief, we show the timeline of the group’s activities and malware development, as well as the technical analyses of the new malware families, modified tools, and upgraded malware routines.
Read More By Gabrielle Joyce Mabutas Criminal interest in MacOS continues to grow, with malware authors churning out more threats that target users of the popular OS. Case in point: A new variant of a Mac backdoor (detected by Trend Micro as Backdoor.MacOS.NUKESPED.A) attributed to the cybercriminal group Lazarus, which was observed targeting Korean users with a…
Read More
We observed a recent campaign that primarily targets financial institutions and governmental organizations in the South American region, particularly in Colombia. This blog post covers the activities we observed, the remote access tools (RATs) used, the campaign’s techniques and procedures, and its indicators of compromise (IoCs). Our findings indicate that the campaign appears to be the work of a group involved in business email compromise (BEC) or cybercrime, and unlikely to be an advanced persistent threat (APT).
Read More In TA505 group’s latest campaign, they started using HTML attachments to deliver malicious .XLS files that lead to downloader and backdoor FlawedAmmyy, mostly to target users in South Korea. We also touch on the latest TA505 developments, including an email stealer, their use of legitimate software and MSI Installer, and more.
Read More