Trend Micro Research, News and Perspectives

AI-driven insights for managing emerging threats and minimizing organizational risk

Trend Micro tracked this group as Water Bakunawa, behind the RansomHub ransomware, employs various anti-EDR techniques to play a high-stakes game of hide and seek with security solutions.

This is the third blog in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights.

We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China.

Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC). The first vulnerability (CVE-2024-20685) allows a crafted signaling message to crash the control plane, leading to potential service outages. The second (ZDI-CAN-23960) disconnects and replaces attached base stations, disrupting network operations. While these issues are implementation-specific, their exploitation is made possible by a systemic weakness: the lack of mandatory authentication procedures between base stations and packet-cores.

In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671.

In this blog entry, we discuss our analysis of Earth Preta’s enhancements in their attacks by introducing new tools, malware variants and strategies to their worm-based attacks and their time-sensitive spear-phishing campaign.

Our research reveals that an unidentified threat cluster we named TIDRONE have shown significant interest in military-related industry chains, particularly in the manufacturers of drones.

Notorious Mekotio and BBTok are having a resurgence targeting Latin American users. Mekotio’s latest variant suggests the gang behind it is broadening their target, while BBTok is seen abusing MSBuild.exe to evade detection.

While monitoring Earth Lusca, we discovered the threat group’s use of KTLVdoor, a highly obfuscated multiplatform backdoor, as part of a large-scale attack campaign.

This is the second blog in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights.

Trend Micro discovered that old Atlassian Confluence versions that were affected by CVE-2023-22527 are being exploited using a new in-memory fileless backdoor.

This issue of AI Pulse is all about agentic AI: what it is, how it works, and why security needs to be baked in from the start to prevent agentic AI systems from going rogue once they’re deployed.

Threat actors are targeting users in the Middle East by distributing sophisticated malware disguised as the Palo Alto GlobalProtect tool.

A technical analysis on how CVE-2023-22527 can be exploited by malicious actors for cryptojacking attacks that can spread across the victim’s system.

The quicker a cyberattack is identified, the less it costs. Jon Clay, VP of Threat Intelligence, reviews seven key initial attack vectors and provides proactive security tips to help you reduce cyber risk across the attack surface.

Explore how generative AI is transforming cybersecurity and enterprise resilience

Enterprises have gone all-in on GenAI, but the more they depend on AI models, the more risks they face. Trend Vision One™ – Zero Trust Secure Access (ZTSA) – AI Service Access bridges the gap between access control and GenAI services to protect the user journey.

Using the Trend Micro Vision One platform, our MDR team was able to quickly identify and contain a Play ransomware intrusion attempt.

This is the first blog in a series on Rogue AI. Later articles will include technical guidance, case studies and more.