Trend Micro Research
Security research, news, and information direct from @TrendMicro experts.
Aug 29, 2023 8 tweets 2 min read
1/8: The #Rhadamanthys stealer uses Google Ads mimicking popular software such as AnyDesk, Zoom, and OBS to lure victims to their phishing sites to steal sensitive information.

Follow this thread as we discuss more about this threat. ⏬

2/8: Recently, we came across a new #Rhadamanthys variant that adds a payload bundle consisting of ransomware, a ClipBanker trojan, and a cryptocurrency miner, creating a more sophisticated threat.
Oct 18, 2022 5 tweets 3 min read
[1/5] APT group #EarthAughisky (aka Taidoor) has been consistently involved in #cyberespionage activities that target organizations in Taiwan for over 10 years. Follow this thread for more.

[2/5] Earth Aughisky’s arsenal and deployments vary according to the sensitivities and perceived values of its targets. The higher the value of the personalities, organizations, and/or systems, the more customizations the malware has and the fewer deployment sightings.
Oct 17, 2022 5 tweets 3 min read
[1/5] #APT group Earth Aughisky (aka #Taidoor) has been active in cyberespionage for over 10 years. The first malware attributed to them was Taidoor, followed by a series of malware that vary according to their targets. Follow this thread: research.trendmicro.com/3EgHWN4

[2/5] Earth Aughisky consistently targets high-value targets in #Taiwan. In recent years, however, this #APT group has expanded to other countries in the region: Japan and Southeast Asia.
Sep 23, 2021 5 tweets 4 min read
[1/5]

LATEST NEWS: Both @CISAgov and @FBI just released an advisory on #Conti #ransomware, which they’ve recently observed being used to attack US and international organizations.

Learn more about Conti’s attack chain and tactics here 👉 research.trendmicro.com/3lOTxrx

[2/5] #Conti operators use several methods to gain initial access like spear phishing and exploiting public-facing applications, followed by the use of Cobalt Strike. We investigated how Conti #ransomware operators used Cobalt Strike to launch attacks: research.trendmicro.com/3CDba4C
Sep 22, 2021 5 tweets 3 min read
[1/5] LATEST NEWS: Cring #ransomware recently made headlines due to a recent attack that exploited a bug in the 11-year-old version of the Adobe ColdFusion 9 software. Follow this thread and let’s look at the techniques typically wielded by this ransomware.

👇 👇 👇

[2/5] #Cring ransomware gains initial access through unsecure remote desktop protocol (RDP) or through unpatched vulnerabilities.
Aug 6, 2021 8 tweets 5 min read
— A THREAD —

[1/n] We’re monitoring developments on a new piece of proof-of-concept #ransomware called #Chaos. It’s purportedly a .NET version of #Ryuk, but our analysis shows that its routines are different from Ryuk’s.

[2/n] Earlier versions of #Chaos were actually destructive #trojans that overwrote rather than encrypted files, which meant that victims had no way of restoring their files to their original state.