Tropic Trooper (also known as KeyBoy and Pirate Panda) is an APT group active since 2011. This group has traditionally targeted sectors such as government, healthcare, transportation and high-tech industries in Taiwan, the Philippines and Hong Kong.
Kaspersky recent investigation has revealed that in 2024 they conducted persistent campaigns targeting a government entity in the Middle East, starting in June 2023. Sighting this group’s TTPs in critical governmental entities in the Middle East, particularly those related to human rights studies, marks a new strategic move for them. This can help the threat intelligence community better understand the motives of this threat actor.
Read more…
Source: Kaspersky
Related:
- Ransomware gangs now have industrial targets in their sights
February 2, 2021
Ransomware attacks are a potential danger for any organisation, with ransomware variants including Conti, Egregor, Maze and many others still successfully compromising victims across all industries – but there are some industries that criminal gangs are targeting more than others. The ransomware attacks are successful because many organisations can’t afford for their network to be out ...
- Agent Tesla ramps up its game in bypassing security walls, attacks endpoint protection
February 2, 2021
Agent Tesla malware variants are now using new techniques to try and eradicate endpoint antivirus security. On Tuesday, Sophos researchers said that two new variants of the Remote Access Trojan (RAT) are targeting Microsoft Anti-Malware Software Interface (AMSI), scanning and analysis software designed to prevent malware infections from taking hold. Agent Tesla operators will now attempt to ...
- Minnesota: Netgain ransomware incident impacts local governments
February 2, 2021
The ransomware incident that Netgain, a provider of managed IT services, had late last year rippled onto its customers. Now, Ramsey County, Minnesota, is informing clients of the Family Health Division program that the hackers may have accessed personal data. The government of Ramsey County learned about the potential breach on December 2, 2020, when Netagin ...
- Trickbot malware now maps victims’ networks using Masscan
February 2, 2021
The Trickbot malware has been upgraded with a network reconnaissance module designed to survey local networks after infecting a victim’s computer. This new module, dubbed masrv, uses the open-source masscan tool, a mass port scanner with its own TCP/IP stack and capable of scanning large swaths of the Internet in a matter of minutes. Trickbot uses the ...
- Finding and Decoding Multi-Step Obfuscated Malware
February 2, 2021
Recently, in the process of a threat investigation, Trend Micro researchers found an interesting event. A process (nslookup.exe) that tried to connect to a malicious URL that was already blocked by trend Micro solutions. We could have stopped at this point, but searching for the root cause is part of managed detection and response (MDR) — ...
- This Linux malware is hijacking supercomputers across the globe
February 2, 2021
A small but complex malware variant is targeting supercomputers worldwide. Reverse engineered by ESET and described in a blog post on Tuesday, the malware has been traced back to attacks against supercomputers used by a large Asian Internet Service Provider (ISP), a US endpoint security vendor, and a number of privately-held servers, among other targets. The cybersecurity ...