Pawn Storm Uses Brute Force and Stealth Against High-Value Targets

Based on our estimates, from approximately April 2022 until November 2023, Pawn Storm attempted to launch NTLMv2 hash relay attacks through different methods, with huge peaks in the number of targets and variations in the government departments that it targeted. Read More HERE…

Read more

Prevent BEC with AI-Powered Email and Collaboration

Latest Trend Vision One™ platform integration addresses growing need for streamlined IT and security operations across email and messaging environments. Read More HERE…

Read more

Reduce Business Email Compromise with Collaboration

Here’s the latest Trend Vision One™ platform integration addressing the growing need for collaboration in business email security space. Read More HERE…

Read more

Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing

The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023. Read More HERE…

Read more

Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting

We analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session cookies. Read More HERE…

Read more

APT34 Deploys Phishing Attack With New Malware

We observed and tracked the advanced persistent threat (APT) APT34 group with a new malware variant accompanying a phishing attack comparatively similar to the SideTwist backdoor malware. Following the campaign, the group abused a fake license registration form of an African government agency to target a victim in Saudi Arabia. Read More HERE…

Read more

Analyzing a Facebook Profile Stealer Written in Node.js

We analyze an information stealer written in Node.js, packaged into an executable, exfiltrated stolen data via both Telegram bot API and a C&C server, and employed GraphQL as a channel for C&C communication. Read More HERE…

Read more

Revisiting 16shop Phishing Kit, Trend-Interpol Partnership

In this entry, we summarize the security analyses and investigations done on phishing-as-a-service 16shop through the years. We also outline the partnership between Trend Micro and Interpol in taking down the main administrators and servers of this massive phishing campaign. Read More HERE…

Read more

SeroXen Mechanisms: Exploring Distribution, Risks, and Impact

This is the third installment of a three-part technical analysis of the fully undetectable (FUD) obfuscation engine BatCloak and SeroXen malware. In this entry, we document the techniques used to spread and abuse SeroXen, as well as the security risks, impact, implications of, and insights into highly evasive FUD batch obfuscators. Read More HERE…

Read more

SeroXen Incorporates Latest BatCloak Engine Iteration

We looked into the documented behavior of SeroXen malware and noted the inclusion of the latest iteration of the batch obfuscation engine BatCloak to generate a fully undetectable (FUD) .bat loader. This is the second part of a three-part series documenting the abuse of BatCloak’s evasion capabilities and interoperability with other malware. Read More HERE…

Read more