Trend Micro’s Mobile Application Reputation Service (MARS) team discovered two new related Android malware families involved in cryptocurrency-mining and financially-motivated scam campaigns targeting Android users.


Victim: Badan Operasi Bersama Pt Bumi Siak Pusako Pertamina Hulu Country : ID Actor: alphv Source: http://alphvmmm27o3abo3r2mlmjrpdmzle3rykajqc5xsj7j7ejksbpsa36ad.onion/1fa51d74-025d-4fc2-ae5b-68095810d2da Discovered: 2023-07-26 14:20:54.517872

Description: Data: http://i4utqt3qnrm2hxhvitunmj4b7777svzbzrc4ewig6j4g6g5zzqahz2qd.onion Badan Operasi Bersama Pt Bumi Siak Pusako Pertamina Hulu is a company that operates in the Retail industry. It employs 251-500 people and has $50M-$100M of revenue.…


Victim: FajarPaper was hacked The most dangerous company to cooperate with in Indonesia may pose a Country : ID Actor: alphv Source: http://alphvmmm27o3abo3r2mlmjrpdmzle3rykajqc5xsj7j7ejksbpsa36ad.onion/5f390f17-b271-47b0-a13a-5bdb52e2a6f4 Discovered: 2023-07-26 14:33:02.869610

Description: Who is FajarPaper PT Fajar Surya Wisesa Tbk (FajarPaper) is a leading packaging paper manufacturer in Indonesia with an installed capacity over 1.5 million tons per year combined and a range of products which include Kraft Liner Board (KLB) and Corrugated Medium Paper (CMP) for carton-box packaging and Coated Duplex Board (CDB) for display packaging.…

Threat Actors Utilize Undetected Loaders for Stealthy Attacks

SharpPanda, an APT group originating from China, has seen a rise in its cyber-attack operations starting from at least 2018. The APT group utilizes spear-phishing techniques to obtain initial access, employing a combination of outdated Microsoft Office document vulnerabilities, novel evasion techniques, and highly potent backdoor malware.…


Victim: Fort Rolins Collection Agency Country : ID Actor: malas Source: http://malas2urovbyyavjzaezkt5ohljvyd5lt7vv7mnsgbf2y4bwlh72doqd.onion/posts/fortrolins/ Discovered: 2023-05-18 11:29:55.649054

Description:

They act like they don’t see🙈 our ransom note🗒 , or they just don’t negotiate🤝with cyberterrorists💣. They restore their backups and think ignoring us🙉 makes us go away. So now we also restore their backups, for all of you.…


Victim: bankbsi.co.id Country : ID Actor: lockbit3 Source: http://lockbitapt72iw55njgnqpymggskg5yp75ry7rirtdg4m7i42artsbqd.onion/post/mYOkRWStPzbZwVLG645eab1a1f6e0 Discovered: 2023-05-12 21:55:26.067273

Description: On May 8, we attacked Bank Syariah Indonesia, completely stopping all of its services. The management of the bank could not think of anything better than to brazenly lie to their customers and partners, reporting some kind of “technical work” being… …


After months of dormancy, Earth Longzhi, a subgroup of advanced persistent threat (APT) group APT41, has reemerged using new techniques in its infection routine. This blog entry forewarns readers of Earth Longzhi’s resilience as a noteworthy threat.

We discovered a new campaign by Earth Longzhi (a subgroup of APT41) that targets organizations based in Taiwan, Thailand, the Philippines, and Fiji.…

Executive summary

In 2021, Check Point Research published a report on a previously undisclosed toolset used by Sharp Panda, a long-running Chinese cyber-espionage operation targeting Southeast Asian government entities. Since then, we have continued to track the use of these tools across several operations in multiple Southeast Asian countries, in particular nations with similar territorial claims or strategic infrastructure projects such as Vietnam, Thailand, and Indonesia.…


Victim: PetroChina Indonesia Country : ID Actor: medusa Source: http://medusaxko7jxtrojdkxo66j7ck4q5tgktf7uqsqyfry4ebnxlcbkccyd.onion/detail?id=247b85feeedd6262fc234fb8de6ac8c7 Discovered: 2023-02-15 05:26:55.494214

Description: PetroChina Indonesia is a company that operates in the Oil & Energy industry. It employs 251-500 people and has $25M-$50M of revenue. The company is headquartered in Jakarta, Jakarta, Indonesia …


Victim: Global Mining Products Country : ID Actor: avoslocker Source: Discovered: 2023-02-11 15:54:59.174946

Description: Global Mining’s Product Catalog is available for download. MINExpo 2012 Please Visit Global Mining Products Inc at MINExpo 2012 Booth No. 9144 Service and Repair Facilities 3 Location To Serve You Better Global Mining – USA Ph: 775-778-3410 Fax: 775-778-3418 Global Mining – Canada Ph: 604-538-0058 Fax: 604-541-2850 PT GloMinPro Indonesia …


For each of these domains, the sample tries to connect to many of its subdomains. Most subdomains start with the letter x, w, or m, followed by a number. In this sample, the first hardcoded domain is fywkuzp[.]ru:7432, and we could observe an infected machine trying to connect to the following domains:

In the end, Mylobot produces thousands of DNS requests, which makes it quite noisy.…


Major drug markets in the Dark Web are now worth around $315 million annually

The Resecurity® Hunter unit performed an extensive analysis of current trends and dynamics related to the underground economy around active DNMs leveraging technical means and human intelligence (HUMINT) sources. Some results of this research (Drug Trafficking in the Dark Web – Status Report – 2022/2023) arranged by our team are provided within this blog post and are aimed to provide awareness for international law enforcement, cybercrime investigators and intelligence professionals. Some…


This year, various ransomware-as-a-service groups have developed versions of their ransomware in Rust, including Agenda. Agenda’s Rust variant has targeted vital industries like its Go counterpart. In this blog, we will discuss how the Rust variant works.

This year, ransomware-as-a-service (RaaS) groups like BlackCat, Hive, and RansomExx have developed versions of their ransomware in Rust, a cross-platform language that makes it easier to tailor malware to different operating systems like Windows and Linux.…


Victim: Astra Daihatsu Motor (ID) Country : ID Actor: daixin Source: Discovered: 2022-11-24 02:12:34.937211

Description: PT Astra Daihatsu Motor is an automobile manufacturing company based in Jakarta, Indonesia. It is a joint venture company between Daihatsu, Astra International and Toyota Tsusho. It is the largest car manufacturer in Indonesia by production output and installed capacity, and has been second best-selling car brand behind …
