Botconf Author Listing

Daniel Lunghi


Last known affiliation: Trend Micro
Bio: Daniel Lunghi is a threat researcher at Trend Micro. He has been hunting malware and performing incident response investigations for years. He now focuses on long-term monitoring of advanced threat actors from all over the world, exploring new ways of tracking them, and enjoying their mistakes. The results of such investigations are shared through blog posts, whitepapers, and conference talks.
Date: 2023-04-13
Iron Tiger Enhances its TTPs and Targets Linux and MacOS Users
Daniel Lunghi 🗣

Abstract

Iron Tiger, also known as APT27 or Emissary Panda, is an advanced threat actor that has been doing espionage for more than a decade, targeting multiple sensitive industries worldwide.
In recent months, we noticed the threat actor enhancing its toolkit to target all three major platforms – Windows, MacOS and Linux. We found that they obtained access to the backend of a little-known chat application and modified its installers to deliver a remote access tool named rshell to users of the Mac platform. We also observed a new version of the SysUpdate malware family in which, in addition to porting the malware to the Linux platform, the threat actor added features such as DNS tunneling for C&C communication.

Date: 2022-04-27
Operation GamblingPuppet: Analysis of a multivector and multiplatform campaign targeting online gambling customers
Jaromír Hořejší 🗣 | Daniel Lunghi 🗣

Abstract

Despite being illegal in some countries, the global online gambling industry grows steadily year after year, flourishing in the current environment dominated by the global pandemic. Unsurprisingly, this trend was noticed by advanced threat actors, as we observed and analyzed campaigns targeting online gambling platforms.

In this research, we will focus on a multiplatform (Windows and Linux) campaign involving known espionage tools as well as new malware families. The campaign is operated by individuals with knowledge of the Chinese language, and its victims are mostly online gambling customers in South East Asia.

We noticed some interesting infection vectors, such as backdoored or fake installers for popular applications, or even for a custom chat application, suggesting a very targeted campaign.
