• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   CVE-2017-11882

Tropic Trooper’s New Strategy

  • Posted on:March 14, 2018 at 7:01 am
  • Posted in:Exploits, Malware, Targeted Attacks
  • Author:
    Trend Micro
0

Tropic Trooper (also known as KeyBoy) levels its campaigns against Taiwanese, Philippine, and Hong Kong targets, focusing on their government, healthcare, transportation, and high-tech industries. Its operators are believed to be very organized and develop their own cyberespionage tools that they fine-tuned in their recent campaigns. Many of the tools they use now feature new behaviors, including a change in the way they maintain a foothold in the targeted network.

Read More
Tags: CVE-2017-11882CVE-2018-0802KeyBoyManaged Detection and ResponseOperation Tropic Troopertropic trooper

Deciphering Confucius’ Cyberespionage Operations

  • Posted on:February 13, 2018 at 5:01 am
  • Posted in:Targeted Attacks
  • Author:
    Trend Micro Cyber Safety Solutions Team
0

In today’s online chat and dating scene, romance scams are not uncommon, what with catfishers and West African cybercriminals potently toying with their victims’ emotions to cash in on their bank accounts. It’s quite odd (and probably underreported), however, to see it used as a vector for cyberespionage.

We stumbled upon the Confucius hacking group while delving into Patchwork’s cyberespionage operations, and found a number of similarities. Code in their custom malware bore similarities, for instance. And like Patchwork, Confucius targeted a particular set of individuals in South Asian countries, such as military personnel and businessmen, among others.

Read More
Tags: ConfuciusCVE-2015-1641CVE-2017-11882PatchworkRomance Scam

CVE-2017-11882 Exploited to Deliver a Cracked Version of the Loki Infostealer

  • Posted on:December 20, 2017 at 12:22 am
  • Posted in:Exploits, Malware, Spam
  • Author:
    Trend Micro
0

The Cobalt hacking group was one of the first to promptly and actively exploit CVE-2017-11882 (patched last November) in their cybercriminal campaigns. We uncovered several others following suit in early December, delivering a plethora of threats that included Pony/FAREIT, FormBook, ZBOT, and Ursnif. Another stood out to us: a recent campaign that used the same vulnerability to install a “cracked” version of the information-stealing Loki.

Read More
Tags: CVE-2017-11882LokiSpam

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.