Trend Micro

Inside Water Barghest’s Rapid Exploit-to-Market Strategy for IoT Devices

Water Barghest, whose botnet comprised over 20,000 IoT devices by October 2024, monetizes compromised devices by exploiting vulnerabilities in them and quickly listing the infected hosts for sale on a residential proxy marketplace.
November 12, 2024

Breaking Down Earth Estries' Persistent TTPs in Prolonged Cyber Operations

Trend Micro identified two infection chains: the first uses PsExec and WMI for lateral movement, while the second exploits vulnerabilities in Microsoft Exchange servers to deploy the China Chopper web shell.

Attacker Abuses Victim Resources to Reap Rewards from Titan Network

Trend Micro researchers observed an attacker exploiting the Atlassian Confluence vulnerability CVE-2023-22527 to gain remote code execution, then using the victim's resources for cryptomining that earns rewards from the Titan Network.

Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach

Threat actors are targeting exposed Docker remote API servers to deploy the SRBMiner cryptominer on compromised instances, according to Trend Micro. The attackers speak gRPC over h2c (cleartext HTTP/2) to the Docker API, a channel that evades security controls watching for conventional HTTP/1.1 API calls, and use it to drive Docker operations on the host.

Attackers Target Exposed Docker Remote API Servers With perfctl Malware

The attack sequence starts by probing the Docker Remote API server with a ping request, then creates a container with attacker-chosen settings and executes payloads through the Docker Exec API.
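As an added example (not Trend Micro's code and not part of either report above), the following Python script flags the ping, create, exec sequence described in this item, and the gRPC-over-h2c channel from the preceding item, in an audit log of requests to the Docker Remote API. The JSON-lines log format, the source addresses, the container and exec IDs, and the /grpc.health.v1.Health/Check path are all constructed assumptions for illustration; the log is assumed to come from a reverse proxy or audit hook in front of dockerd's TCP listener rather than from dockerd itself.

```python
"""Flag Docker Remote API abuse: ping -> create (risky HostConfig) -> exec,
plus any h2c/gRPC traffic aimed at the API.

The input is a constructed JSON-lines audit log (one request per line) in a
format assumed for this example; it is not a real dockerd log format.
"""
import json
import re
from collections import defaultdict

# Constructed sample: 203.0.113.7 runs the full chain with a privileged,
# host-root-mounted container; 198.51.100.9 is a benign monitoring agent;
# 203.0.113.8 negotiates cleartext HTTP/2 (h2c) and sends gRPC to the API.
SAMPLE_LOG = """\
{"src":"203.0.113.7","method":"GET","path":"/_ping","headers":{}}
{"src":"203.0.113.7","method":"POST","path":"/v1.43/containers/create","headers":{},"body":{"Image":"alpine","Cmd":["sh"],"HostConfig":{"Privileged":true,"Binds":["/:/host"]}}}
{"src":"203.0.113.7","method":"POST","path":"/v1.43/containers/3f9a1c/exec","headers":{},"body":{"Cmd":["sh","-c","chroot /host sh"]}}
{"src":"203.0.113.7","method":"POST","path":"/v1.43/exec/7b2e/start","headers":{},"body":{}}
{"src":"198.51.100.9","method":"GET","path":"/_ping","headers":{}}
{"src":"198.51.100.9","method":"GET","path":"/v1.43/containers/json","headers":{}}
{"src":"203.0.113.8","method":"POST","path":"/grpc.health.v1.Health/Check","headers":{"Connection":"Upgrade, HTTP2-Settings","Upgrade":"h2c","Content-Type":"application/grpc"}}
"""

PING_PATH = "/_ping"
CREATE_RE = re.compile(r"^/(?:v[\d.]+/)?containers/create$")
EXEC_RE = re.compile(r"^/(?:v[\d.]+/)?containers/[^/]+/exec$")
# Host paths that, when bind-mounted into a container, hand over the host.
SENSITIVE_BINDS = ("/", "/etc", "/root", "/var/run/docker.sock")


def risky_host_config(body):
    """Return the reasons a containers/create body would yield host-level access."""
    reasons = []
    host_config = (body or {}).get("HostConfig") or {}
    if host_config.get("Privileged"):
        reasons.append("privileged")
    if host_config.get("PidMode") == "host":
        reasons.append("pid=host")
    for bind in host_config.get("Binds") or []:
        host_path = bind.split(":", 1)[0]
        if host_path in SENSITIVE_BINDS:
            reasons.append(f"bind {bind}")
    return reasons


def is_h2c_or_grpc(headers):
    """True if the request upgrades to cleartext HTTP/2 or carries a gRPC body."""
    lowered = {k.lower(): v.lower() for k, v in (headers or {}).items()}
    return lowered.get("upgrade") == "h2c" or lowered.get("content-type", "").startswith("application/grpc")


def analyze(log_text):
    """Return {src: [finding, ...]} for sources that match the abuse pattern."""
    state = defaultdict(lambda: {"ping": False, "create": None, "exec": False})
    findings = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        src, method, path = rec["src"], rec["method"], rec["path"]
        st = state[src]
        if is_h2c_or_grpc(rec.get("headers")):
            findings[src].append(f"h2c/gRPC to Docker API: {method} {path}")
        if method == "GET" and path == PING_PATH:
            st["ping"] = True
        elif method == "POST" and CREATE_RE.match(path):
            st["create"] = risky_host_config(rec.get("body"))
        elif method == "POST" and EXEC_RE.match(path):
            st["exec"] = True
        if st["ping"] and st["create"] is not None and st["exec"]:
            detail = ", ".join(st["create"]) or "no risky HostConfig"
            findings[src].append(f"ping -> create -> exec chain ({detail})")
            # Reset so a second chain from the same source is reported again.
            state[src] = {"ping": False, "create": None, "exec": False}
    return dict(findings)


if __name__ == "__main__":
    for src, items in analyze(SAMPLE_LOG).items():
        for item in items:
            print(f"{src}: {item}")
```

The chain check is ordered on purpose: a monitoring agent that only pings and lists containers (198.51.100.9 above) produces no finding, while a create whose HostConfig is harmless still completes the chain and is reported with "no risky HostConfig", so the analyst sees the behavioural sequence even when the container settings alone would not trip a rule.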

Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data

Trend Micro researchers uncovered a new ransomware operation that uses Amazon Web Services (AWS) infrastructure to exfiltrate victim data. The ransomware imitates the LockBit family but is a distinct strain that relies on AWS services, including S3, for its malicious activity.

Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions

EDRSilencer blocks EDR agents from sending telemetry and alerts to their management consoles, leaving the security tooling blind to malware activity. Originally released as a red team tool for testing EDR resilience, it is now repurposed by cybercriminals to evade detection and carry out attacks.

Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware

The malicious emails carry ZIP attachments whose contents use mshta.exe to run obfuscated JavaScript commands that establish connections to a command-and-control (C&C) server.

Earth Simnavaz Levies Advanced Cyberattacks Against UAE and Gulf Regions

The group uses sophisticated tactics such as abusing Microsoft Exchange servers for credential theft and exploiting vulnerabilities for privilege escalation, and blends its malicious activity with normal network traffic to evade detection.

Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC Region

In this campaign aimed at the APAC region, Earth Baxia used a new backdoor named EAGLEDOOR, which supports multiple communication protocols for information gathering and payload delivery.
