Summary

Total Articles Found: 4

Top Articles:

  • From Fileless Techniques to Using Steganography: Examining Powload’s Evolution
  • CVE-2019-7238: Insufficient Access Controls in Sonatype Nexus Repository Manager 3 Allows Remote Code Execution
  • Tropic Trooper’s Back: USBferry Attack Targets Air-gapped Environments
  • QNodeService: Node.js Trojan Spread via Covid-19 Lure

Tropic Trooper’s Back: USBferry Attack Targets Air-gapped Environments

Published: 2020-05-12 12:18:31

Popularity: 4

Author: Trend Micro

Keywords:

  • Malware
  • Targeted Attacks
  • cyberespionage
  • KeyBoy
  • military
  • USB
  • USBferry

We found that Tropic Trooper’s latest activities center on targeting the physically isolated networks of the Taiwanese and Philippine militaries through a USBferry attack. We also observed targets among military/navy agencies, government institutions, military hospitals, and even a national bank. The group employs USBferry, a USB malware that performs different commands on specific targets, maintains stealth in environments, and steals critical data through USB storage. We started tracking this particular campaign in 2018, and our analysis shows that it uses a fake executable decoy and a USB trojan strategy to steal information.


QNodeService: Node.js Trojan Spread via Covid-19 Lure

Published: 2020-05-14 17:29:19

Popularity: 4

Author: Trend Micro

Keywords:

  • Malware
  • Node.js
  • QNodeService
  • Trojan

QNodeService is a new, previously undetected malware sample written in Node.js, an unusual choice of language for malware authors. The malware can download, upload, and execute files, steal credentials from the Chrome and Firefox browsers, and perform file management, among other functions.


CVE-2019-7238: Insufficient Access Controls in Sonatype Nexus Repository Manager 3 Allows Remote Code Execution

Published: 2019-03-14 12:01:00

Popularity: 65

Author: Trend Micro

Keywords:

  • Vulnerabilities
  • CVE-2019-7238
  • Nexus Repository Manager 3
  • NXRM

A critical remote code execution (RCE) vulnerability (CVE-2019-7238) was found in Sonatype’s Nexus Repository Manager (NXRM) 3, an open source project that lets developers, including DevOps professionals, manage the software components required for software development, application deployment, and automated hardware provisioning.


From Fileless Techniques to Using Steganography: Examining Powload’s Evolution

Published: 2019-03-12 15:31:16

Popularity: 66

Author: Trend Micro

Keywords:

  • Malware
  • Spam
  • BEBLOH
  • Powload
  • steganography
  • URSNIF

In some of the recent Powload-related incidents we saw, we noticed significant changes to some of the attachments in the spam emails: the use of steganography and the targeting of specific countries. Figure 2 shows the difference. For example, the samples we analyzed in early 2018 had more straightforward infection chains. These updates added another stage to the execution of malicious routines as a way to evade detection. The Powload variants that use these techniques drop and execute the Ursnif and Bebloh data stealers. We did not see any notable differences in the payloads’ routines. The distribution tactics also resemble a spam campaign we uncovered last year, which delivered the same information stealers but distributed them via the Cutwail botnet.

