Trend Micro researchers recently identified a new ransomware family called Charon, deployed in a targeted attack observed in the Middle East’s public sector and aviation industry.
The threat actor employed a DLL sideloading technique notably similar to tactics previously documented in the Earth Baxia campaigns, which have historically targeted government sectors. The attack chain leveraged a legitimate browser-related file, Edge.exe (originally named cookie_exporter.exe), to sideload a malicious msedge.dll (SWORDLDR), which subsequently deployed the Charon ransomware payload. Analysis of the msedge.dll component revealed it was designed to load a file named DumpStack.log, which was absent from the Trend Micro initial telemetry.
Read more…
Source:Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Florida ransomware negotiator convicted for helping ransomware gang extort US companies
July 10, 2026
Florida man Angelo Martino has been sentenced to more than five years in prison for conspiring with hackers to deploy ransomware during his job as a ransomware negotiator for a U.S. cybersecurity company. The U.S. Department of Justice confirmed the sentence on Thursday, noting that the government seized more than $10 million worth of cryptocurrency and assets. Martino ...
- An unnamed US county paid $1M extortion demand to cybercriminals
July 9, 2026
A US county reportedly paid $1 million to Kairos, an extortion gang that claimed to have stolen more than 2 TB of data, but the county never received independently verifiable proof that the stolen files had been deleted – just the criminals’ promise. This means the county’s stolen files may turn up for sale on a ...
- Hackers breached DHS information-sharing network
June 30, 2026
A key Department of Homeland Security information-sharing database was accessed by an unknown threat actor in recent weeks, potentially exposing sensitive data exchanged between federal, state, local and industry partners, according to two people familiar with the matter. DHS investigators are probing the intrusion of the Homeland Security Information Network, said both people, who spoke on ...
- AI models capable of devastating attacks on governments and business months away
June 22, 2026
Powerful AI models capable of devastating new cyber attacks on governments and businesses are mere months away, intelligence agencies for the Five Eyes have warned in a rare joint statement, urging leaders to “act now”. The surprising public intervention by signals agencies for Australia, the US, the UK, New Zealand and Canada comes after the Trump administration ...
- CIMB refutes claims of data breach involving 1.2 million records
March 4, 2026
CIMB Group Holdings Bhd has given assurance that claims circulating online about a data breach involving its customers are false and that customer data continues to be protected. The financial services provider said on social media platform X that its security teams have verified that all systems are secure and that customer data remains fully safeguarded. ...
- Ransomware payments drop to record low, even as attacks surge
February 27, 2026
Ransomware groups have never been this active, but have also never extorted this little money, new research has claimed. Market analysts Chainalysis found the number of ransomware incidents in 2025 rose by 50% compared to the previous year, earning criminals $820 million – although this number may still rise as more incidents are attributed to ransomware ...

