In late May 2026, suspicious emails were identified being sent to Japanese partner companies of Booking.com, with the subject line “Important: Guest Stay Review Request” (重要:ゲスト滞在レビュー依頼). In this attack, a zip file was downloaded by accessing a hyperlink to a suspicious web site, and the infection began when the user clicked a shortcut link file (LNK) disguised as a photo file within the zip archive. Unlike conventional phishing campaigns, the malware abuses The Open Network (TON) blockchain platform as a dead drop resolver, a technique that allows attackers to update their command-and-control (C&C) server destination without hardcoding it into the malware, making detection and takedown significantly more difficult.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Japan’s biggest port hit by suspected cyberattack, operations halted
July 5, 2023
The Port of Nagoya, Japan’s largest port by total cargo throughput and responsible for handling some of Toyota Motor Corp.’s car exports, has suffered a crippling system glitch, with the port operator saying Wednesday it suspects a cyberattack. As of noon, the port in central Japan remained unable to load and unload containers from trailers. Police ...
- Cloud misconfiguration causes massive data breach at Toyota Motor
June 6, 2023
Japanese automaker Toyota Motor said approximately 260,000 customers’ data was exposed online due to a misconfigured cloud environment. Along with customers in Japan, data of certain customers in Asia and Oceania was also exposed. Toyota Motor has implemented measures to block access to the data from the outside and is investigating the matter including all cloud ...
- Registration for DSEI Japan ends 8 March 2023
March 1, 2023
Time is running out! Connect with the Japanese defence industry – register for DSEI Japan and take advantage of Japan’s biggest defence event before registration closes on 8 March 2023 at 15:00 GMT. DSEI Japan 2023 is going to be the biggest edition yet, featuring full Japanese government support by the Japanese MoD, Ministry of Foreign Affairs ...
- Invitation to a secret event: Uncovering Earth Yako’s campaigns
February 16, 2023
In 2021, Trend Micro researchers observed several targeted attacks against researchers of academic organizations and think tanks in Japan. Trend Micro have since been tracking this series of attacks and identified the new intrusion set we have named “Earth Yako”. Their research points the attribution to the known campaign “Operation RestyLink” or “Enelink”. Upon investigating several ...
- Hackers target Japanese politicians with new MirrorStealer malware
December 15, 2022
A hacking group tracked as MirrorFace has been targeting Japanese politicians for weeks before the House of Councilors election in July 2022, using a previously undocumented credentials stealer named ‘MirrorStealer.’ The campaign was discovered by ESET, whose analysts report they could piece together evidence thanks to operational mistakes made by the hackers that left traces behind. The ...
- Japan, Australia, to bolster cyber-defenses, maybe offensive capacity too
December 11, 2022
Australia’s home affairs and cybersecurity minister Clare O’Neill has given the nation a goal of becoming the world’s most cyber secure nation by 2030. “I believe that is possible. But we need a reset, and a pathway to get there,” the minister said in a speech late last week, in which she described the 2030 goal ...