In late May 2026, suspicious emails were identified being sent to Japanese partner companies of Booking.com, with the subject line “Important: Guest Stay Review Request” (重要:ゲスト滞在レビュー依頼). In this attack, a zip file was downloaded by accessing a hyperlink to a suspicious web site, and the infection began when the user clicked a shortcut link file (LNK) disguised as a photo file within the zip archive. Unlike conventional phishing campaigns, the malware abuses The Open Network (TON) blockchain platform as a dead drop resolver, a technique that allows attackers to update their command-and-control (C&C) server destination without hardcoding it into the malware, making detection and takedown significantly more difficult.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- APT10 Under Close Scrutiny as Potentially Linked to Chinese Ministry of State Security
September 3, 2018
n advanced threat actor has been associated with China’s Ministry of State Security via two individuals and a Chinese firm. Researchers claim that APT10, a likely China-based threat actor, is believed directly connected to the Chinese Ministry of State Security’s (MSS) Tianjin bureau. The allegations come from CrowdStrike which released a report Friday that claims it has found firm ...
- Japan crafts new cybersecurity strategy for 2020 Tokyo Olympics
July 25, 2018
The government crafted a new cybersecurity strategy Wednesday as it steps up preparations for the Tokyo Olympic and Paralympic Games in 2020. During a meeting at the prime minister’s office, it also decided to introduce a five-stage index to classify the severity of cyberattacks to help people understand the magnitude of threats and take necessary action. The ...
- FakeSpy Android Information-Stealing Malware Targets Japanese and Korean-Speaking Users
June 19, 2018
Spoofing legitimate mobile applications is a common cybercriminal modus that banks on their popularity and relies on their users’ trust to steal information or deliver payloads. Cybercriminals typically use third-party app marketplaces to distribute their malicious apps, but in operations such as the ones that distributed CPUMINER, BankBot, and MilkyDoor, they would try to get their apps published ...
- Cyberespionage Group Steps Up Campaigns Against Japanese Firms
October 14, 2017
Researchers are learning more about the cyberespionage group Bronze Butler. While the gang has been targeting Japanese heavy industry since 2012, not much is known about the group’s current modus operandi. In a report released Thursday by the Counter Threat Unit at SecureWorks, a subsidiary of Dell Technologies, researchers paint the most complete picture yet of ...
- Japan and China wake up to global ‘ransomware’ cyberattack while Microsoft slams US government
May 15, 2017
Japan and China have fallen victim of a global “ransomware” cyberattack that has created chaos in 150 countries as Microsoft pinned blame on the US government for not disclosing more software vulnerabilities. The initial attack, known as “WannaCry,” paralyzed more than 200,000 computers, including those which that run Britain’s hospital network, Germany’s national railway and other companies and government agencies ...