• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   targeted attacks

Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor

  • Posted on:June 14, 2018 at 5:00 am
  • Posted in:Targeted Attacks
  • Author:
    Trend Micro
0

we found a new sample that may be related to the MuddyWater campaign. Like the previous campaigns, these samples again involve a Microsoft Word document embedded with a malicious macro that is capable of executing PowerShell scripts leading to a backdoor payload. One notable difference in the analyzed samples is that they do not directly download the Visual Basic Script and PowerShell component files, and instead encode all the scripts on the document itself.

Read More
Tags: MuddyWaterPowershellPRB-Backdoortargeted attacksWindows Powershell

ChessMaster Adds Updated Tools to Its Arsenal

  • Posted on:March 29, 2018 at 5:00 am
  • Posted in:Targeted Attacks
  • Author:
    Trend Micro
0

In this blog post, we analyze ChessMaster’s current status, including the updated tools in its arsenal — with a particular focus on the evolution of ANEL and how it is used in the campaign.

Read More
Tags: ChessMasterManaged Detection and Responsetargeted attacks

IXESHE Derivative IHEATE Targets Users in America

  • Posted on:May 27, 2016 at 7:13 am
  • Posted in:Malware, Targeted Attacks
  • Author:
    Trend Micro
0

Since 2012, we’ve been keeping an eye on the IXESHE targeted attack campaign. Since its inception in 2009, the campaign has primarily targeted governments and companies in East Asia and Germany. However, the campaign appears to have shifted tactics and is once again targeting users in the United States.

Read More
Tags: IHEATEIXESHEtargeted attacks

Pawn Storm Targets German Christian Democratic Union

  • Posted on:May 11, 2016 at 8:21 am
  • Posted in:Targeted Attacks
  • Author:
    Feike Hacquebord (Senior Threat Researcher)
0

April last year, Pawn Storm reportedly compromised computers of the German Bundestag using data-stealing malware. This was the first documented political attack of Pawn Storm against Germany. One year later, this espionage actor group takes a swing once again.

In April 2016, we discovered that Pawn Storm started a new attack against the German Christian Democratic Union (CDU), the political party of the Chancellor of Germany, Angela Merkel.

The attack consisted of seemingly coordinated credential phishing attacks against the CDU and high profile users of two German freemail providers. A fake corporate webmail server of CDU was set up in Latvia for advanced credential phishing. Around the same time, three domains were created for credential phishing targeting high-profile individual users of two German free webmail providers. The main fake webmail server of CDU was set up in Latvia, but the free webmail credential phishing sites are on servers of the Virtual Private Server provider in the Netherlands we have discussed previously.

Read More
Tags: CDUGerman Christian Democratic UnionGermanyPawn Stormtargeted attacks

Looking Into a Cyber-Attack Facilitator in the Netherlands

  • Posted on:April 21, 2016 at 3:23 am
  • Posted in:Bad Sites, Malware, Targeted Attacks
  • Author:
    Feike Hacquebord (Senior Threat Researcher)
0

A small webhosting provider with servers in the Netherlands and Romania has been a hotbed of targeted attacks and advanced persistent threats (APT) since early 2015. Starting from May 2015 till today we counted over 100 serious APT incidents that originated from servers of this small provider. Pawn Storm used the servers for at least 80 high profile attacks against various governments in the US, Europe, Asia, and the Middle East. Formally the Virtual Private Server (VPS) hosting company is registered in Dubai, United Arab Emirates (UAE). But from public postings on the Internet, it is apparent that the owner doesn’t really care about laws in UAE. In fact, Pawn Storm and another APT group, attacked the government of UAE using servers of the VPS provider through highly targeted credential phishing. Other threat actors like DustySky (also known as the Gaza hackers) are also regularly using the VPS provider to host their Command and Control (C&C) servers and to send spear phishing e-mails.

Read More
Tags: bulletproof hostingDustySkyPawn Stormtargeted attacks
Page 1 of 1312 › »

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.