Daniel Lunghi
thehellu.bsky.social
Threat researcher at Trend Micro mostly focused on APT
There is a typo in the link (remove the extra "7" at the end, will ask for it to be fixed, thanks!).
Regarding your question, this is what we wrote about Salt Typhoon in our third Earth Estries blogpost www.trendmicro.com/en_us/resear...
October 22, 2025 at 4:42 PM
We saw Earth Estries, an advanced #APT intrusion set, sharing its access to Earth Naga (Flax Typhoon). We introduce the term "Premier Pass" to describe this behavior, and propose a four-tier classification framework for collaboration types among advanced groups www.trendmicro.com/en_us/resear...
October 22, 2025 at 9:18 AM
For incident responders, remember to retrieve the volume serial number where #Shadowpad was deployed, since it is used to encrypt the payload in the registry. Those serial numbers can also be found in LNK and Prefetch files in case you don't have live access to the host anymore
February 20, 2025 at 9:39 AM
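For the LNK case mentioned in the post above, an added example (not from the original post or from Trend Micro) that reads the DriveSerialNumber field from a .lnk file's LinkInfo/VolumeID structure as laid out in MS-SHLLINK. The function names and the sample file produced by `build_sample_lnk` are constructed for illustration; Prefetch parsing is not covered here.

```python
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # 00021401-0000-0000-C000-000000000046
HAS_ID_LIST, HAS_LINK_INFO = 0x1, 0x2        # ShellLinkHeader.LinkFlags bits
VOLUME_ID_AND_LOCAL_BASE_PATH = 0x1          # LinkInfo.LinkInfoFlags bit

def lnk_volume_serial(data: bytes):
    """Return the volume serial stored in a .lnk as 'XXXX-XXXX', or None if it has none."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76                                  # end of the fixed-size header
    if flags & HAS_ID_LIST:                   # skip IDListSize (2 bytes) + IDList
        if pos + 2 > len(data):
            raise ValueError("truncated IDList")
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if not flags & HAS_LINK_INFO:
        return None
    if pos + 16 > len(data):
        raise ValueError("truncated LinkInfo")
    size, hdr_size, li_flags, vol_off = struct.unpack_from("<4I", data, pos)
    if not li_flags & VOLUME_ID_AND_LOCAL_BASE_PATH:
        return None                           # e.g. network target: no local VolumeID
    if vol_off < hdr_size or vol_off + 16 > size or pos + size > len(data):
        raise ValueError("VolumeID outside LinkInfo")
    # VolumeID: VolumeIDSize, DriveType, DriveSerialNumber, VolumeLabelOffset
    _vsize, _drive_type, serial = struct.unpack_from("<3I", data, pos + vol_off)
    return f"{serial >> 16:04X}-{serial & 0xFFFF:04X}"   # same format as `vol` output

def build_sample_lnk(serial: int) -> bytes:
    """Constructed minimal .lnk (header + LinkInfo only), for demonstration."""
    header = struct.pack("<I16sII", 0x4C, LNK_CLSID, HAS_LINK_INFO, 0x20).ljust(76, b"\0")
    volume_id = struct.pack("<4I", 17, 3, serial, 16) + b"\0"   # DRIVE_FIXED, empty label
    base_path = b"C:\\Windows\\notepad.exe\0"
    vol_off = 28                              # right after the 28-byte LinkInfo header
    base_off = vol_off + len(volume_id)
    suffix_off = base_off + len(base_path)
    link_info = struct.pack("<7I", suffix_off + 1, 28, VOLUME_ID_AND_LOCAL_BASE_PATH,
                            vol_off, base_off, 0, suffix_off)
    return header + link_info + volume_id + base_path + b"\0"

if __name__ == "__main__":
    print(lnk_volume_serial(build_sample_lnk(0x1A2B3C4D)))
```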
We released a report on an updated version of #Shadowpad including anti-debugging features and new configuration structure, that in some cases deploy a custom ransomware family. We have mainly seen the manufacturing industry being targeted in Europe and Asia www.trendmicro.com/fr_fr/resear...
#APT
February 20, 2025 at 9:39 AM
Our latest report presents Earth Minotaur, a threat actor targeting Tibetans and Uyghurs using Moonshine, an exploitation framework for Android apps described in 2019 by @citizenlab.ca leveraging vulnerabilities in applications embedding old versions of Chromium trendmicro.com/en_us/resear...
December 5, 2024 at 8:48 AM