DarkHotel hackers use VPN zero-day to breach Chinese government agencies

Foreign state-sponsored hackers have launched a massive hacking operation aimed at Chinese government agencies and their employees. Attacks began last month, in March, and are believed to be related to the current coronavirus (COVID-19) outbreak. Chinese security-firm Qihoo 360, which Read More …

Zero-Day Exploitation Increasingly Demonstrates Access to Money, Rather than Skill — Intelligence for Vulnerability Management, Part One

FireEye Mandiant Threat Intelligence documented more zero-days exploited in 2019 than any of the previous three years. While not every instance of zero-day exploitation can be attributed to a tracked group, we noted that a wider range of tracked actors Read More …

The remote-working rush is creating a playground for spies and cybercrooks

Hundreds of millions of people are now working from home as a result of the ongoing COVID-19 coronavirus outbreak. Most organisations have a disaster recovery plan and a business continuity strategy in place to cope with the more predictable catastrophes, like a Read More …

Investigation into a Nefilim Attack Shows Signs of Lateral Movement, Possible Data Exfiltration

Trend Micro’s Managed XDR (MxDR) and Incident Response (IR) teams recently investigated an incident involving a company that was hit by the Nefilim ransomware, which was initially discovered in March 2020. What makes Nefilim especially devious is that the threat actors behind the Read More …

Spearphishing Campaign Exploits COVID-19 To Spread Lokibot Infostealer

Researchers have discovered threat actors once again capitalizing on the COVID-19 pandemic and current attention on the World Health Organization (WHO) with a new spearphishing email designed to spread the LokiBot trojan sent using the WHO trademark as a lure. Read More …

FakeNet Genie: Improving Dynamic Malware Analysis with Cheat Codes for FakeNet-NG

As developers of the network simulation tool FakeNet-NG, reverse engineers on the FireEye FLARE team, and malware analysis instructors, we get to see how different analysts use FakeNet-NG and the challenges they face. We have learned that FakeNet-NG provides many Read More …