Tag Trend Micro

Researchers Discover New Malware Used by Chinese Cybercriminals

May 10, 2013

Trend Micro researchers have identified a new backdoor from the Winnti family, used primarily by a Chinese cybercriminal group targeting Southeast Asian organizations in the gaming sector. Detected as “Bkdr_Tengo.A,” the backdoor is a DLL that masquerades as the genuine Windows system library winmm.dll. The researchers believe it was built with the legitimate Aheadlib tool, which generates proxy DLLs that forward the real library’s exports, so the malicious copy is loaded in place of the original and gives the attackers control of the system. “We believe this was executed using the legitimate Aheadlib analysis tool,” stated Eduardo Altares from Trend Micro. “The file is not encrypted and is relatively straightforward to analyze. Its primary function involves stealing Microsoft Office, .PDF, and .TIFF files from USB drives connected to the system. These extracted files are stored in the $NtUninstallKB080515$ folder within Windows, alongside a log file named Usblog_DXM.log that tracks the activity.”
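The two host artefacts named in the report, the $NtUninstallKB080515$ staging folder and the Usblog_DXM.log file, are the kind of indicators an incident responder would sweep a fleet for. The script below is an added example, not Trend Micro’s code: it builds a constructed, throwaway directory tree that mimics a Windows drive, plants those artefacts, and reports what a sweep finds. The additional check for a winmm.dll copy outside System32/SysWOW64 is an assumed heuristic for the side-loading pattern described above, not an indicator the report lists, and the file contents and the `SomeApp` directory are invented for the demonstration.

```python
"""Sweep a drive for the Bkdr_Tengo.A artefacts described in the report.

Added example (not from the original article).  The sample tree, its file
contents and the "SomeApp" directory are constructed for the demonstration.
"""
import os
import tempfile
from pathlib import Path

# Indicators quoted from the Trend Micro description.
STAGING_DIR = "$NtUninstallKB080515$"      # created under the Windows folder
USB_LOG = "Usblog_DXM.log"                 # activity log kept in that folder
MASQUERADED_DLL = "winmm.dll"              # system DLL the backdoor impersonates

# Assumption: a genuine winmm.dll lives only in these directories, so a copy
# anywhere else is treated as a side-loading candidate (heuristic, not from
# the report).
LEGIT_DLL_DIRS = {"system32", "syswow64"}


def scan_drive_root(drive_root: str) -> dict:
    """Return Tengo-related findings for a drive whose Windows dir is <root>/Windows.

    Keys: 'staging_dir' (path or None), 'usb_log' (path or None),
    'stolen_files' (names in the staging dir other than the log) and
    'rogue_winmm' (winmm.dll copies found outside the system DLL dirs).
    """
    root = Path(drive_root)
    findings = {"staging_dir": None, "usb_log": None,
                "stolen_files": [], "rogue_winmm": []}

    staging = root / "Windows" / STAGING_DIR
    if staging.is_dir():
        findings["staging_dir"] = str(staging)
        for entry in sorted(staging.iterdir()):
            if entry.name.lower() == USB_LOG.lower():
                findings["usb_log"] = str(entry)
            elif entry.is_file():
                findings["stolen_files"].append(entry.name)

    # One walk over the drive looking for winmm.dll in a non-system directory.
    for dirpath, _dirnames, filenames in os.walk(root):
        if Path(dirpath).name.lower() in LEGIT_DLL_DIRS:
            continue
        for name in filenames:
            if name.lower() == MASQUERADED_DLL:
                findings["rogue_winmm"].append(str(Path(dirpath) / name))
    findings["rogue_winmm"].sort()
    return findings


def build_sample_tree() -> str:
    """Create a constructed drive layout with the indicators planted; return its root."""
    base = Path(tempfile.mkdtemp(prefix="tengo_demo_"))
    system32 = base / "Windows" / "System32"
    system32.mkdir(parents=True)
    (system32 / "winmm.dll").write_bytes(b"MZ genuine")        # expected location
    staging = base / "Windows" / STAGING_DIR
    staging.mkdir()
    (staging / USB_LOG).write_text("constructed log line\n")
    (staging / "report.docx").write_bytes(b"PK constructed")
    (staging / "scan.tiff").write_bytes(b"II* constructed")
    app = base / "Program Files" / "SomeApp"                   # invented app dir
    app.mkdir(parents=True)
    (app / "winmm.dll").write_bytes(b"MZ side-loaded copy")    # rogue copy
    return str(base)


if __name__ == "__main__":
    for key, value in scan_drive_root(build_sample_tree()).items():
        print(f"{key}: {value}")
```

On a real host the same function would be pointed at the drive root (for example `C:\`); the staging-folder and log checks are exact matches on the names the report gives, while the winmm.dll placement check will also flag legitimate applications that ship their own copy of the DLL, so its hits need manual review rather than automatic action.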


Chinese Hackers Exposed by U.S. Water Control System Decoy

August 5, 2013

A notorious hacking group from China, known as APT1 or Comment Crew and believed to be affiliated with the Chinese military, has been caught infiltrating a simulated United States water control system, a honeypot. Kyle Wilhoit, a researcher from Trend Micro, disclosed the findings at the Black Hat conference this past Wednesday.

Back in December, the attackers went after what they took to be a water control system for a U.S. municipality, unaware it was a decoy set up by Wilhoit. Their initial foothold came through a Word document carrying malware, which gave them full access to the decoy.

The honeypots closely resembled the ICS/SCADA devices employed in critical infrastructure such as power and water facilities. The setup, which ran on cloud software, produced realistic web-based login and configuration screens for local water plants and made them appear to be located in various countries, including Ireland, Russia, Singapore, China, Japan, Australia, Brazil, and the U.S. Researchers traced the activity back to the APT1 group, which the security firm Mandiant had previously profiled.


ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Vulnerabilities, Docker Breach, and 15 Additional Stories

In an era where technology often blurs the line between benign and harmful use, cybersecurity challenges are evolving rapidly. Recent insights reveal a trend where cyber adversaries engage in more subtle exploitation tactics, seamlessly integrating malicious activities within widely used tools, applications, and AI systems. The once-clear narratives of “hacker”…


⚡ Weekly Roundup: AI Automation Breaches, Telecom Spying, Prompt Theft & Beyond

This week underscored a critical lesson: minor oversights can lead to significant consequences. Tools designed to streamline operations quickly become vulnerabilities when basic protections are disregarded. Attackers didn’t rely on sophisticated methods; they exploited existing exposure and acted swiftly in environments lacking adequate defenses. The scale of the attacks exacerbated…


New Fileless Ransomware with Code Injection Capabilities Discovered in the Wild

Emerging Threat: Fileless Ransomware “Sorebrect” Targets Enterprises

Cybercriminals are evolving, leveraging increasingly sophisticated tactics to execute attacks. A recent report highlights the emergence of a fileless ransomware strain known as “Sorebrect.” Unlike traditional ransomware, which often relies on files to infect systems, Sorebrect injects malicious code directly into legitimate processes,…


Experts Uncover Cyber Espionage Campaigns by CopyKittens Hackers

Major Cyber Espionage Campaign Identified, Targeting Government and Academic Sectors

Security analysts have uncovered a significant cyber espionage initiative primarily directed at personnel within government, defense, and academic institutions across various nations. This campaign is attributed to a threat group connected to Iran, with comprehensive findings detailed in a report…


How Opening a Malicious PowerPoint File Can Compromise Your PC

In recent developments within the cybersecurity landscape, a noteworthy malware campaign has emerged, capitalizing on a previously reported vulnerability in Microsoft Office. This particular flaw, identified as CVE-2017-0199, relates to the Windows Object Linking and Embedding (OLE) interface. Although Microsoft issued a patch addressing this vulnerability earlier this year, threat…


Microsoft Releases Patches for 80 Vulnerabilities, Including Two Currently Under Attack

In its March 2023 Patch Tuesday update, Microsoft disclosed fixes for 80 security vulnerabilities, two of which have been actively exploited in the wild. The flaws affect core components across the Microsoft ecosystem: eight are rated Critical, 71 Important, and one Moderate in severity. This update continues…


MS Office’s Built-In Feature Could Be Misused to Develop Self-Replicating Malware

New Macro Malware Threat Targets Microsoft Office Users

Recently, a cybersecurity researcher revealed a significant security flaw affecting all versions of Microsoft Office that permits the creation and propagation of macro-based self-replicating malware. This vulnerability allows attackers to generate malicious macros that can reproduce themselves and infect other documents, a…
