Latest threat intelligence reports by TRAPMINE Team
Case Study: Post-Breach Detection (Process Injection & Espionage Campaign)
One of the leading public transport companies in Turkey decided to deploy and try TRAPMINE although they already had a well-known AV/EDR solution. After deploying TRAPMINE and running some hunting queries, the customer called us to have a look at the results. TRAPMINE has an interface that allows you to perform real-time threat hunting on systems. When we looked at the customer's hunting results, we saw that a query had been started on 14.02.2019.
An Iran-linked APT group which previously targeted organizations in Saudi Arabia has now set its sights on Turkey. The threat actor has been distributing malware via MS Office documents with malicious content. The threat actor has typically targeted a set of domestic and private sector targets in Turkey.
On 4 February 2016, TRAPMINE researchers encountered a set of cyber espionage attacks which targeted various institutions. The malware used in the attacks was delivered by phishing as the attack vector. The attacks targeted media workers employed at international media companies. The malware has some advanced features once it has spread into the system, such as audio surveillance, keylogging, file transfer and webcam recording.
On June 30, ZDI published several vulnerabilities affecting IBM Tivoli Storage Manager, a popular storage product. We decided to rediscover and trigger this vulnerability with the help of the advisory.
TRAPMINE has discovered an ongoing series of targeted attacks against government institutions. Most of the government institutions targeted by the attackers are located in Kazakhstan, Mongolia, Vietnam and Russia. After a quick analysis of the exploits and malware used in the campaign, we identified that it is the same group behind the Lurid / Enfal APT attacks.