Tracking Earth Aughisky’s Malware and Changes

For over 10 years, security researchers have been observing and keeping tabs on APT group Earth Aughisky’s malware families and their connections, including previously documented malware that has yet to be attributed.

Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware

Users are advised to patch immediately: We found exploit samples abusing the Atlassian Confluence vulnerability (CVE-2022-26134) in the wild for malicious cryptocurrency mining.

A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities

This blog entry details how Trend Micro Cloud One™ – Workload Security and Trend Micro Vision One™ effectively detected and blocked the abuse of the CVE-2020-14882 WebLogic vulnerability in affected endpoints.

Buzzing in the Background: BumbleBee, a New Modular Backdoor Evolved From BookWorm

In March 2021, we investigated a backdoor with a unique modular architecture and called it BumbleBee due to a string embedded in the malware. However, in our recent investigations, we have discovered a controller application that expands its capabilities.

Tackling the Growing and Evolving Digital Attack Surface: 2022 Midyear Cybersecurity Report

This blog entry highlights the threats that dominated the first six months of the year, which we discussed in detail in our midyear cybersecurity roundup report, “Defending the Expanding Attack Surface.”

Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus

We investigate mhyprot2.sys, a vulnerable anti-cheat driver for the popular role-playing game Genshin Impact. The driver is currently being abused by a ransomware actor to kill antivirus processes and services for mass-deploying ransomware.

Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users

We found APT group Iron Tiger’s malware compromising chat application Mimi’s servers in a supply chain attack.

CopperStealer Distributes Malicious Chromium-based Browser Extension to Steal Cryptocurrencies

We tracked the latest deployment of the group behind CopperStealer, this time stealing cryptocurrencies and users’ wallet account information via a malicious Chromium-based browser extension.

How Shady Code Commits Compromise the Security of the Open-Source Ecosystem

In this blog entry, we discuss how open-source code has been subjected to protest-driven code modifications by its maintainers or backers. We also provide an analysis of what these incidents could mean for the IT industry and the open-source community.
