cedricpernet

129 Followers
145 Following
90 Posts
Senior Threat Researcher.
Cybercrime / Cyberespionage aficionado.
Grumpy French one, sometimes ;-)
Metal & Rock dude, never enough guitars.
Motorcycles fan.
Wrote a book in French language on cyberespionage.
Ex-Law Enforcement Officer.
Mastodon: https://infosec.exchange/@cedricpernet
Personal Website: https://bl0g.cedricpernet.net
LinkedIn: https://www.linkedin.com/in/cpernet/
My book on cyberespionage: https://www.amazon.fr/S%C3%A9curit%C3%A9-espionnage-informatique-technique-pr%C3%A9vention/dp/2212139659/

A teammate of mine worked on an interesting incident where the attackers connected to the backup server via RDP, launched the Chrome browser, and searched on Google for "VirtualBox".

The VirtualBox installer was then downloaded to the home directory of the compromised user:
C:\Users\<user>\Downloads\VirtualBox-7.1.6-167084-Win.exe

This file is a Windows installation package that the attacker used to set up a VirtualBox environment, allowing them to create an operating system without endpoint protection. The newly created virtual machine had the hostname "WIN-D1V1F70QJLC".

The attacker then logged into this newly created virtual machine to carry out further tasks without logging, antivirus, or EDR monitoring.

good god Lisbon airport is very active on GitHub
Trend Micro researchers Cedric Pernet (@cedricpernet) & Jaromir Horejsi discovered the Earth Lusca threat group’s use of KTLVdoor, a highly obfuscated multiplatform backdoor, as part of a large-scale attack campaign. https://www.trendmicro.com/en_us/research/24/i/earth-lusca-ktlvdoor.html
Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion

Trend Micro

Read more about the latest research I did with my talented colleague @jaromirhorejsi! We exposed a previously unreported and new malware family we named KTLVdoor, used by Chinese-speaking threat actors including #EarthLusca! More than 50 C2s have been found to communicate with this #malware family!

https://www.trendmicro.com/en_us/research/24/i/earth-lusca-ktlvdoor.html

#cyberespionage #china


I just published this one with my good friend Loseway, about ICO scams in relation to the 2024 Olympic Games.

https://www.trendmicro.com/en_us/research/24/f/ico-scams-leverage-2024-olympics-to-lure-victims-use-ai-for-fake.html

#cybercrime #AI #scam #paris2024 #olympics #olympicgames

ICO Scams Leverage 2024 Olympics to Lure Victims, Use AI for Fake Sites

In this blog we uncover threat actors using the 2024 Olympics to lure victims into investing in an initial coin offering (ICO). Similar schemes have been found to use AI-generated images for their fake ICO websites.

Trend Micro
An SEO expert walks into a bar, tavern, pub, grill, public house, irish bar, bartender, drinks, beer, wine, liquor.

Electronic Arts has postponed the North American (NA) finals of the ongoing Apex Legends Global Series (ALGS) after hackers compromised players mid-match during the tournament.

https://www.bleepingcomputer.com/news/security/apex-legends-players-worried-about-rce-flaw-after-algs-hacks/

Apex Legends players worried about RCE flaw after ALGS hacks

BleepingComputer
Welcome to I-Soon, home of the cyber-mercenaries who spy on behalf of Beijing

Until now, China had been spared the data leaks that exposed the cyberespionage practices of the United States and Russia. But on 16 February, a "leak" concerning a private contractor of the Chinese police lifted the veil on Beijing's operations.

Mediapart
Trend Micro's Cedric Pernet (@cedricpernet) and Jaromir Horejsi look into a new Earth Lusca campaign with a file that contains a lure document discussing Chinese-Taiwanese geopolitical issues. https://www.trendmicro.com/en_us/research/24/b/earth-lusca-uses-geopolitical-lure-to-target-taiwan.html
Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections

During our monitoring of Earth Lusca, we noticed a new campaign that used Chinese-Taiwanese relations as a social engineering lure to infect selected targets.

Trend Micro
Very proud to release my latest research which exposes a Chinese-speaking threat actor to attacks on Taiwan before the national elections - https://www.trendmicro.com/en_us/research/24/b/earth-lusca-uses-geopolitical-lure-to-target-taiwan.html #APT #cyberespionage #isoon #i-soon #EarthLusca