TIDRONE Targets Military and Satellite Industries in Taiwan


Since the beginning of 2024, Trend Micro has been receiving incident response cases from Taiwan. Trend Micro researchers track this unidentified threat cluster as TIDRONE. Their research reveals that the threat actors have shown significant interest in military-related industry chains, particularly manufacturers of drones.

Furthermore, telemetry from VirusTotal indicates that the targeted countries are varied; thus, everyone should stay vigilant against this threat. The report also investigates the latest TTPs and the evolution of tools like CXCLNT and CLNTEND, presenting the attack chain to illustrate the threat actor's behavior within victims' systems. The TTPs confirm that the threat actors have consistently updated their arsenal and optimized the attack chain.

Source: Trend Micro

