In late May 2026, suspicious emails were identified being sent to Japanese partner companies of Booking.com, with the subject line “Important: Guest Stay Review Request” (重要:ゲスト滞在レビュー依頼). In this attack, a zip file was downloaded by accessing a hyperlink to a suspicious web site, and the infection began when the user clicked a shortcut link file (LNK) disguised as a photo file within the zip archive. Unlike conventional phishing campaigns, the malware abuses The Open Network (TON) blockchain platform as a dead drop resolver, a technique that allows attackers to update their command-and-control (C&C) server destination without hardcoding it into the malware, making detection and takedown significantly more difficult.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- APT10: Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign
November 17, 2020
A large-scale attack campaign is targeting multiple Japanese companies, including subsidiaries located in as many as 17 regions around the globe in a likely intelligence-gathering operation. Companies in multiple sectors are targeted in this campaign, including those operating in the automotive, pharmaceutical, and engineering sector, as well as managed service providers (MSPs). The scale and sophistication of ...
- Group of unskilled Iranian hackers behind recent attacks with Dharma ransomware
August 24, 2020
Cyber-security firm Group-IB says it identified a group of low-skilled hackers operating out of Iran that has been launching attacks against companies in Asia and attempting to encrypt their networks with a version of the Dharma ransomware. The attacks have targeted companies located in Russia, Japan, China, and India, according to a report Group-IB researchers published ...
- Operation Overtrap Targets Japanese Online Banking Users Via Bottle Exploit Kit and Brand-New Cinobi Banking Trojan
March 11, 2020
Trend Micro recently discovered a new campaign that we dubbed “Operation Overtrap” for the numerous ways it can infect or trap victims with its payload. The campaign mainly targets online users of various Japanese banks by stealing their banking credentials using a three-pronged attack. Based on our telemetry, Operation Overtrap has been active since April 2019 ...
- Japanese government to create and maintain defensive malware
May 3, 2019
The Japanese Defense Ministry will create and maintain cyber-weapons in the form of malware that it plans to use in a defensive capacity. Once created, these malware strains, consisting of viruses and backdoors, will become Japan’s first-ever cyber-weapon, Japanese media reported earlier this week, citing a government source . The malware is expected to be finished by ...
- Japanese government plans to hack into citizens’ IoT devices
January 27, 2019
The Japanese government approved a law amendment on Friday that will allow government workers to hack into people’s Internet of Things devices as part of an unprecedented survey of insecure IoT devices. The survey will be carried out by employees of the National Institute of Information and Communications Technology (NICT) under the supervision of the Ministry of Internal ...
- Five other countries formally accuse China of APT10 hacking spree
December 21, 2018
After the US Department of Justice charged two Chinese nationals for being members of a state-sponsored hacking group and accused the Chinese government of orchestrating a string of hacks around the world, five other governments have stepped in with similar accusations. Australia, Canada, Japan, New Zealand, and the UK have published official statements today formally blaming China of ...