Daniel Lunghi
@thehellu.bsky.social
Threat researcher at Trend Micro mostly focused on APT
Pinned
Daniel Lunghi
@thehellu.bsky.social
· Feb 20
We released a report on an updated version of #Shadowpad including anti-debugging features and new configuration structure, that in some cases deploy a custom ransomware family. We have mainly seen the manufacturing industry being targeted in Europe and Asia www.trendmicro.com/fr_fr/resear...
#APT
#APT
We saw Earth Estries, an advanced #APT intrusion set, sharing its access to Earth Naga (Flax Typhoon). We introduce the term "Premier Pass" to describe this behavior, and propose a four-tier classification framework for collaboration types among advanced groups www.trendmicro.com/en_us/resear...
October 22, 2025 at 9:18 AM
We saw Earth Estries, an advanced #APT intrusion set, sharing its access to Earth Naga (Flax Typhoon). We introduce the term "Premier Pass" to describe this behavior, and propose a four-tier classification framework for collaboration types among advanced groups www.trendmicro.com/en_us/resear...
We released a report on an updated version of #Shadowpad including anti-debugging features and new configuration structure, that in some cases deploy a custom ransomware family. We have mainly seen the manufacturing industry being targeted in Europe and Asia www.trendmicro.com/fr_fr/resear...
#APT
#APT
February 20, 2025 at 9:39 AM
We released a report on an updated version of #Shadowpad including anti-debugging features and new configuration structure, that in some cases deploy a custom ransomware family. We have mainly seen the manufacturing industry being targeted in Europe and Asia www.trendmicro.com/fr_fr/resear...
#APT
#APT
Intelligence Online links the MOONSHINE framework that we discussed in our Earth Minotaur report (www.trendmicro.com/en_us/resear...) to a Chinese company www.intelligenceonline.com/surveillance... (article is free but needs registration to access it). Happy new year UPSEC ! 😘
China : Chinese firm behind hacking operations against Uyghurs and Tibetans unveiled
Intelligence Online has established a link between a Chinese public security ministry contractor and recent IT hacking operations carried out in China and abroad against the two minorities, reviled
www.intelligenceonline.com
January 29, 2025 at 10:08 AM
Intelligence Online links the MOONSHINE framework that we discussed in our Earth Minotaur report (www.trendmicro.com/en_us/resear...) to a Chinese company www.intelligenceonline.com/surveillance... (article is free but needs registration to access it). Happy new year UPSEC ! 😘
Reposted by Daniel Lunghi
Since Aug 2024 Earth Koshchei (APT29, Midnight Blizzard) used 193 RDP relays and 34 rogue backends against military, MFAs and others. The campaign peak was likely preceded by barely audible campaigns that ended with a bang in Oct 2024. Details and indicators here: www.trendmicro.com/en_us/resear...
Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks
www.trendmicro.com
December 17, 2024 at 8:35 AM
Since Aug 2024 Earth Koshchei (APT29, Midnight Blizzard) used 193 RDP relays and 34 rogue backends against military, MFAs and others. The campaign peak was likely preceded by barely audible campaigns that ended with a bang in Oct 2024. Details and indicators here: www.trendmicro.com/en_us/resear...
Our latest report presents Earth Minotaur, a threat actor targeting Tibetans and Uyghurs using Moonshine, an exploitation framework for Android apps described in 2019 by
@citizenlab.ca
leveraging vulnerabilities in applications embedding old versions of Chromium trendmicro.com/en_us/resear...
@citizenlab.ca
leveraging vulnerabilities in applications embedding old versions of Chromium trendmicro.com/en_us/resear...
December 5, 2024 at 8:48 AM
Our latest report presents Earth Minotaur, a threat actor targeting Tibetans and Uyghurs using Moonshine, an exploitation framework for Android apps described in 2019 by
@citizenlab.ca
leveraging vulnerabilities in applications embedding old versions of Chromium trendmicro.com/en_us/resear...
@citizenlab.ca
leveraging vulnerabilities in applications embedding old versions of Chromium trendmicro.com/en_us/resear...