Since the beginning of 2024, Trend Micro has been receiving incident response cases from Taiwan. Trend Micro researchers track this unidentified threat cluster as TIDRONE. Their research reveals that the threat actors have shown significant interest in military-related industry chains, particularly drone manufacturers.
Furthermore, telemetry from VirusTotal indicates that the targeted countries are varied, so everyone should stay vigilant against this threat. This report also investigates the latest TTPs and the evolution of tools like CXCLNT and CLNTEND, presenting the attack chain to illustrate the threat actor’s behavior within victims’ systems. The TTPs confirm that the threat actors have consistently updated their arsenal and optimized the attack chain.
Source: Trend Micro