Research, News, and Perspectives

APT & Targeted Attacks

Examining the Activities of the Turla APT Group

We examine the campaigns of the cyberespionage group known as Turla over the years, with a special focus on the key MITRE techniques and the corresponding IDs associated with the threat actor group.

Sep 22, 2023

Save to Folio

Sep 22, 2023

Save to Folio

Cyber Threats

Decoding Turla: Trend Micro's MITRE Performance

This year, the MITRE Engenuity ATT&CK evaluation tested cybersecurity vendors against simulated attack scenarios mimicking the adversary group “Turla.” Learn about Trend Micro's 100% successful protection performance.

Latest News Sep 21, 2023

Save to Folio

Latest News Sep 21, 2023

Save to Folio

Cyber Threats

Cybercriminals Exploit the Moroccan Tragedy in New Scam Campaign

This blog entry details a scheme that exploits the recent Morocco earthquake by impersonating the domain name of a well-known humanitarian organization for financial fraud.

Latest News Sep 21, 2023

Save to Folio

Latest News Sep 21, 2023

Save to Folio

Exploits & Vulnerabilities

Attacks on 5G Infrastructure From Users’ Devices

Crafted packets from cellular devices such as mobile phones can exploit faulty state machines in the 5G core to attack cellular infrastructure. Smart devices that critical industries such as defense, utilities, and the medical sectors use for their daily operations depend on the speed, efficiency, and productivity brought by 5G. This entry describes CVE-2021-45462 as a potential use case to deploy a denial-of-service (DoS) attack to private 5G networks.

Sep 20, 2023

Save to Folio

Sep 20, 2023

Save to Folio

Cyber Threats

Unsung Hero in Cyber Risk Management

Behind the scenes of the world of vulnerability intelligence and threat hunting

Latest News Sep 19, 2023

Save to Folio

Latest News Sep 19, 2023

Save to Folio

Malware

Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement

While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor's server — a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we've dubbed SprySOCKS due to its swift behavior and SOCKS implementation.

Research Sep 18, 2023

Save to Folio

Research Sep 18, 2023

Save to Folio

Ransomware

RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware

In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method.

Research Sep 13, 2023

Save to Folio

Research Sep 13, 2023

Save to Folio

Compliance & Risks

TrickBot & Conti Sanctions: Implications for CISOs & Boardrooms

Discover what the increased regulatory risk due to recent US and UK sanctions imposed on TrickBot and Conti cybercriminals mean for CISOs and board members.

Security Strategies Sep 08, 2023

Save to Folio

Security Strategies Sep 08, 2023

Save to Folio

Malware

Analyzing a Facebook Profile Stealer Written in Node.js

We analyze an information stealer written in Node.js, packaged into an executable, exfiltrated stolen data via both Telegram bot API and a C&C server, and employed GraphQL as a channel for C&C communication.

Research Sep 05, 2023

Save to Folio

Research Sep 05, 2023

Save to Folio

Cyber Threats

A new perspective: XDR, optics and the kaleidoscopic attack surface

Whilst every organisation differs, there are two shared problems we observe across multiple industries: stretched human resources and lack of visibility. Essentially, stealthy threats evade detection and hide between siloed solution alerts, propagating as time passes. In the meantime, overwhelmed security analysts try to triage and investigate threats through narrow, and disconnected attack viewpoints.

Reports Sep 04, 2023

Save to Folio

Reports Sep 04, 2023

Save to Folio