In a previous article of JPCERT/CC Eyes, we reported on SPAWNCHIMERA malware, which infects the target after exploiting the vulnerability in Ivanti Connect Secure. However, this is not the only malware observed in recent attacks. This time, we focus on another malware DslogdRAT and a web shell that were installed by exploiting a zero-day vulnerability at that time, CVE-2025-0282, during attacks against organizations in Japan around December 2024. Functionality of...
-
-
JPCERT/CC organised ICS Security Conference on 5 February 2025. This event aims to share the current threat to ICS both in Japan and overseas and the efforts of stakeholders in the field, as well as to help participants improve their ICS security measures and establish best practices. The conference started in 2009 and now marks its 17th year. 50 participants attended the event onsite and 511 people through live streaming....
-
Following the previous blog post on the Main Track on Day 2, this article highlights the Workshops and Lightning Talks of JSAC2025. Workshop Handling Threat Intelligence: Techniques of Consuming and Creating Threat Intelligence Speaker: Tomohisa Ishikawa, Tatsuya Daitoku, Hiroyuki Tomiyama (Tokio Marine Holdings, Inc.) Slides (Japanese) Tomohisa, Tatsuya, and Hiroyuki provided a workshop on threat intelligence, giving systematic explanations from the fundamentals to practical applications. They first introduced the core...
-
*Please note that this article is a translation of the Japanese versio...
-
This TSUBAME Report Overflow series discuss monitoring trends of overseas TSUBAME sensors and other activities which the Internet Threat Monitoring Quarterly Reports does not include. This article covers the monitoring results for the period of October to December 2024. Observation of reflection packets from Websites of organizations in Japan At JPCERT/CC, we analyze the data collected from TSUBAME on a daily basis. We sometimes observe packets from websites responding to...
-
Continuing from the previous blog article, this entry introduces the presentations on the 2nd day of JSAC2025. Observation of phishing criminal groups related to illegal money transfers and Mizuho Bank’s countermeasures -Fighting against phishing site malware ‘KeepSpy’- Speaker: Tsukasa Takeuchi, Takuya Endo, Hiroyuki Yako (Mizuho Financial Group) Slides(English) Tsukasa, Takuya, and Hiroyuki presented Mizuho’s efforts to address phishing attacks, including the analysis of exploited malware and the criminal groups behind...
-
On January 21 and 22, 2025, JPCERT/CC held its annual technical conference JSAC, aiming at enhancing the skills and knowledge of security analysts. The conference brought experts in the field of cyber security together to share technical insights related to incident analysis and response. The event marked its 8th year, and it was held as an offline-only event like the previous year. Over the two-day event, there were 18 presentations,...
-
In January 2025, Ivanti published an advisory[1] regarding the vulnera...
-
There have recently been reports of unauthorized access in Japan, usin...
-
Continuing from the previous article, Part 2 covers another case of a watering hole attack. This time, we will look at the case of a media-related website exploited in 2023. Flow of the attack Figure 1 shows the flow of the watering hole attack. When someone accesses the tampered website, an LZH file is downloaded, and when they execute the LNK file in the LZH file, their PC becomes infected...
