Blogs

Jul 17, 2025

Detecting and Visualizing Lateral Movement Attacks with Trellix Helix Connect

This blog marks the third installment in our series on detecting and visualizing lateral movement attacks with Trellix Helix Connect.

Jul 15, 2025

Threat Analysis: SquidLoader - Still Swimming Under the Radar

A new wave of SquidLoader malware samples are actively targeting financial services institutions in Hong Kong. This sophisticated malware exhibits significant evasion capabilities, achieving near-zero detection rates on VirusTotal at the time of analysis.

Jul 08, 2025

From Click to Compromise: Unveiling the Sophisticated Attack of DoNot APT Group on Southern European Government Entities

The DoNot APT group, also identified by various security vendors as APT-C-35, Mint Tempest, Origami Elephant, SECTOR02, and Viceroy Tiger, has been active since at least 2016, and has been attributed by several vendors to have links to India.

Jul 01, 2025

Automagic Reverse Engineering

Overall, the required time to analyze a binary goes down with this approach, as a lot of manual tasks have been automated. Being able to run these scripts headless allows you to integrate them into your workflow of choice, making the methodology as flexible as possible.

Jul 01, 2025

The Bug Report - June 2025 Edition

Stay cool this summer with June 2025’s top 4 CVEs: RCEs, NTLM exploits, router worms & a Google supply chain flaw. Read now to patch fast and stay safe.

Jun 30, 2025

The Democratization of Phishing: Popularity of PhaaS platforms on the rise

PhaaS platforms are democratizing sophisticated phishing attacks, making them cheaper, easier, and more effective for cybercriminals, with AI amplifying their scale.

Jun 24, 2025

OneClik: A ClickOnce-Based APT Campaign Targeting Energy, Oil and Gas Infrastructure

The Trellix Advanced Research Center has uncovered a sophisticated APT malware campaign, we’ve dubbed OneClik, specifically targeting the Energy, Oil and Gas sector through phishing attacks and the exploitation of Microsoft ClickOnce.

Jun 23, 2025

Understanding Iranian Capabilities and Hacktivist Activities

At Trellix, we’ve been closely tracking Iranian cyber operations for years. Our research has shown that Iran maintains a mature and diverse cyber capability, executed through a combination of government agencies, contractors, and loosely affiliated proxy groups. These actors are capable of a broad spectrum of operations—from espionage and wiper attacks to disruptive campaigns targeting critical infrastructure.

Jun 18, 2025

Hidden Malware Discovered in jQuery Migrate: A Stealthy Supply Chain Threat

This blog breaks down how a commonly used JavaScript library was weaponized to deliver browser-based malware via compromised WordPress assets. Learn how attackers exploited frontend trust, what risks this poses to enterprises and governments, and how your organization can defend against these stealthy threats.

Jun 12, 2025

Inside LockBit's Admin Panel Leak

On May 7, 2025, the LockBit admin panel was hacked by an anonymous actor who replaced their TOR website with the text ‘Don’t do crime CRIME IS BAD xoxo from Prague’ and shared a SQL dump of their admin panel database in an archived file ‘paneldb_dump.zip’. This leaked SQL database dump is further significant as it offers significant insight into the operational methods of LockBit affiliates and the negotiation tactics they employ to secure ransom payments from their victims.