News • Insights • Analysis
FBI is issuing this announcement to ask the public to report information about PRC-affiliated activity publicly tracked as “Salt Typhoon” and the compromise of multiple US telecommunications companies, especially information about specific individuals behind the campaign. Investigation into these actors Read More …
Day after day, threat actors create new malware to use in cyberattacks. Each of these new implants is developed in its own way, and as a result gets its own destiny – while the use of some malware families is Read More …
The European Commission is giving staffers visiting the US on official business burner laptops and phones to avoid espionage attempts, according to the Financial Times. The use of clean and locked-down hardware is common practice for anyone visiting China, Russia, Read More …
The stealthy rootkit-like malware known as BPFDoor (detected as Backdoor.Linux.BPFDOOR) is a backdoor with strong stealth capabilities, most of them related to its use of Berkeley Packet Filtering (BPF). In a previous article, Trend Micro researchers covered how BPFDoor and Read More …
Kimsuky, alias Mystery Baby, Baby Coin, Smoke Screen, Black Banshe, etc., is tracked internally by Qi’anxin as APT-Q-2. The APT group was publicly disclosed in 2013, with attack activity dating as far back as 2012. Kimsuky’s main target for attacks Read More …
GOFFEE is a threat actor that first came to our attention in early 2022. Since then, Kaspersky researchers have observed malicious activities targeting exclusively entities located in the Russian Federation, leveraging spear phishing emails with a malicious attachment. Starting in Read More …
NSO Group’s notorious spyware Pegasus was used to target 1,223 WhatsApp users in 51 different countries during a 2019 hacking campaign, according to a new court document. The document was published on Friday as part of the lawsuit that Meta-owned Read More …
MOONSHINE and BADBAZAAR are examples of trojans; they have malicious functions hidden inside an otherwise functioning app that can be downloaded from app stores or online file-sharing services. These apps are designed to trick a user into downloading and installing Read More …
The Earth Alux APT group’s schemes and tactics have been uncloaked through our relentless monitoring and investigation efforts. The China-linked intrusion set is actively launching cyberespionage attacks against the government, technology, logistics, manufacturing, telecommunications, IT services, and retail sectors. The Read More …
Water Gamayun, a suspected Russian threat actor also known as EncryptHub and Larva-208, has been exploiting the MSC EvilTwin (CVE-2025-26633), a zero-day vulnerability that was patched on March 11. In the first installment of this two-part series, Trend Research discussed Read More …
