Advanced Persistent Threat

January 6, 2020

Trend Micro found three malicious apps in the Google Play Store that work together to compromise a victim’s device and collect user information. One of these apps, called Camero, exploits CVE-2019-2215, a vulnerability that exists in Binder (the main Inter-Process Communication system in Android). This is the first known active attack in the wild that ...

December 31, 2019

Microsoft has scored a victory against a North Korean cybercrime group called “Thallium”, the company has revealed. Redmond said that it had taken control of web domains used by Thallium to steal information. The software giant has history in taking on cybercrime and hacking groups through the courts. In August 2018 for example, it foiled a cyber attack that ...

December 23, 2019

Security researchers say they found evidence that a Chinese government-linked hacking group has been bypassing two-factor authentication (2FA) in a recent wave of attacks. The attacks have been attributed to a group the cyber-security industry is tracking as APT20, believed to operate on the behest of the Beijing government, Dutch cyber-security firm Fox-IT said in a ...

December 17, 2019

Lazarus, an advanced persistent threat (APT) group, has expanded its reach with the development and use of a Trojan designed to attack Linux systems. The APT, suspected to hail from North Korea, has previously been connected to global cyberattacks and malware outbreaks including the infamous WannaCry rampage, the $80 million Bangladeshi bank heist, and a new campaign impacting financial institutions worldwide. Recent reports ...

December 12, 2019

The threat group regularly referred to as APT33 is known to target the oil and aviation industries aggressively. This threat group has been reported on consistently for years, but our recent findings show that the group has been using about a dozen live Command and Control (C&C) servers for extremely narrow targeting. The group puts up multiple layers of obfuscation to ...

December 4, 2019

What were the most interesting developments in terms of APT activity during the year and what can we learn from them? This is not an easy question to answer, because researchers have only partial visibility and it´s impossible to fully understand the motivation for some attacks or the developments behind them. However, let´s try to approach ...

December 4, 2019

In November 2019, Trend Micro published a blog analyzing an exploit kit we named Capesand that exploited Adobe Flash and Microsoft Internet Explorer flaws. During our analysis of the indicators of compromise (IoCs) in the deployed samples that were infecting the victim’s machines, we noticed some interesting characteristics: notably that these samples were making use of ...

November 29, 2019

Targeted attacks and malware campaigns, Mobile espionage targeting the Middle East At the end of June Kaspersky reported the details of a highly targeted campaign that we dubbed ‘Operation ViceLeaker’ involving the spread of malicious Android samples via instant messaging. The campaign affected several dozen victims in Israel and Iran. We discovered this activity in May ...

November 23, 2019

Chinese cyber-security vendor Qihoo 360 published a report on Friday exposing an extensive hacking operation targeting the country of Kazakhstan. Targets included individuals and organizations involving all walks of life, such as government agencies, military personnel, foreign diplomats, researchers, journalists, private companies, the educational sector, religious figures, government dissidents, and foreign diplomats alike. The campaign, Qihoo 360 ...

November 21, 2019

A malware downloader has been spotted using novel “Port Monitor” methods that have not been detected before in active campaigns. Dubbed DePriMon, the malicious downloader is used to deploy malware used by Lambert — also known as the Longhorn advanced persistent threat (APT) group — which specializes in attacks against European and Middle Eastern companies. Kaspersky estimates ...