• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Targeted Attacks

New MacOS Backdoor Linked to OceanLotus Found
  • Posted on:April 4, 2018 at 9:00 am
  • Posted in:Targeted Attacks
  • Author:
    Jaromir Horejsi (Threat Researcher)
0

We identified a MacOS backdoor (detected by Trend Micro as  OSX_OCEANLOTUS.D) that we believe is the latest version of a threat used by OceanLotus (a.k.a. APT 32, OceanLotus, APT-C-00, SeaLotus, and Cobalt Kitty). OceanLotus was responsible for launching targeted attacks against human rights organizations, media organizations, research institutes, and maritime construction firms. The attackers behind OSX_OCEANLOTUS.D target MacOS computers which have the Perl programming language installed.

The MacOS backdoor was found in a malicious Word document presumably distributed via email. The document bears the filename “2018-PHIẾU  GHI  DANH  THAM  DỰ  TĨNH  HỘI HMDC 2018.doc,” which translates to “2018-REGISTRATION FORM OF HMDC ASSEMBLY 2018.doc.” The document claims to be a registration form for an event with HDMC, an organization in Vietnam that advertises national independence and democracy.

Read More
Tags: MacOS backdoorOceanLotus

ChessMaster Adds Updated Tools to Its Arsenal
  • Posted on:March 29, 2018 at 5:00 am
  • Posted in:Targeted Attacks
  • Author:
    Trend Micro
0

In this blog post, we analyze ChessMaster’s current status, including the updated tools in its arsenal — with a particular focus on the evolution of ANEL and how it is used in the campaign.

Read More
Tags: ChessMasterManaged Detection and Responsetargeted attacks

Tropic Trooper’s New Strategy
  • Posted on:March 14, 2018 at 7:01 am
  • Posted in:Exploits, Malware, Targeted Attacks
  • Author:
    Trend Micro
0

Tropic Trooper (also known as KeyBoy) levels its campaigns against Taiwanese, Philippine, and Hong Kong targets, focusing on their government, healthcare, transportation, and high-tech industries. Its operators are believed to be very organized and develop their own cyberespionage tools that they fine-tuned in their recent campaigns. Many of the tools they use now feature new behaviors, including a change in the way they maintain a foothold in the targeted network.

Read More
Tags: CVE-2017-11882CVE-2018-0802KeyBoyManaged Detection and ResponseOperation Tropic Troopertropic trooper

Campaign Possibly Connected to “MuddyWater” Surfaces in the Middle East and Central Asia
  • Posted on:March 12, 2018 at 5:00 am
  • Posted in:Targeted Attacks
  • Author:
    Jaromir Horejsi (Threat Researcher)
0

We discovered a new campaign targeting organizations in Turkey, Pakistan and Tajikistan that has some similarities with an earlier campaign named MuddyWater, which hit various industries in several countries, primarily in the Middle East and Central Asia.

Read More
Tags: Managed Detection and ResponseMuddyWater

Deciphering Confucius’ Cyberespionage Operations
  • Posted on:February 13, 2018 at 5:01 am
  • Posted in:Targeted Attacks
  • Author:
    Trend Micro Cyber Safety Solutions Team
0

In today’s online chat and dating scene, romance scams are not uncommon, what with catfishers and West African cybercriminals potently toying with their victims’ emotions to cash in on their bank accounts. It’s quite odd (and probably underreported), however, to see it used as a vector for cyberespionage.

We stumbled upon the Confucius hacking group while delving into Patchwork’s cyberespionage operations, and found a number of similarities. Code in their custom malware bore similarities, for instance. And like Patchwork, Confucius targeted a particular set of individuals in South Asian countries, such as military personnel and businessmen, among others.

Read More
Tags: ConfuciusCVE-2015-1641CVE-2017-11882PatchworkRomance Scam
Page 1 of 5712 › »

Security Predictions for 2018

  • Attackers are banking on network vulnerabilities and inherent weaknesses to facilitate massive malware attacks, IoT hacks, and operational disruptions. The ever-shifting threats and increasingly expanding attack surface will challenge users and enterprises to catch up with their security.
    Read our security predictions for 2018.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • New MacOS Backdoor Linked to OceanLotus Found
  • Monero-Mining HiddenMiner Android Malware Can Potentially Cause Device Failure
  • ChessMaster Adds Updated Tools to Its Arsenal
  • Ransomware XIAOBA Repurposed as File Infector and Cryptocurrency Miner
  • Not Only Botnets: Hacking Group in Brazil Targets IoT Devices With Malware

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.