Threat Researcher at @TrendMicroRSRCH

Joined January 2013
Joseph Chen retweeted
Two threat campaigns used agentic AI to run full kill chain operations against government and financial targets in Latin America. TrendAI™ Research breaks down SHADOW-AETHER-040 and SHADOW-AETHER-064: research.trendmicro.com/4wnP…
Joseph Chen retweeted
We investigated a CN #APT that targeted multiple governments and companies with government contracts in Asia. In half of the targets we found a second group with a different malware toolkit but sharing the infection vector and some post-exploitation tools trendmicro.com/en_us/researc…
DKnife can hijack #Android application updates by intercepting the update manifest requests. The targeted applications are mostly popular Chinese-language services.
Joseph Chen retweeted
20 Nov 2025
🚨 #APT24 Leveraging #BADAUDIO🚨 New blog post describing 🇨🇳 actor APT24 targeting 🇹🇼 via multiple vectors to include #phishing, #strategicwebcomp #supplychain compromises 👀👀👀 cloud.google.com/blog/topics…
Joseph Chen retweeted
We saw Earth Estries, an advanced #APT group, sharing its access to Earth Naga (Flax Typhoon). We introduce the term "Premier Pass" to describe this behavior, and propose a four-tier classification framework for collaboration types among advanced groups trendmicro.com/en_us/researc…
Joseph Chen retweeted
Coordinated intrusions by Earth Estries and Earth Naga show that defenders must rethink attribution and monitor the broader China-aligned APT ecosystem, not just isolated groups. Get the latest insights: research.trendmicro.com/3L5A…
Joseph Chen retweeted
We first introduced the term “Premier Pass” during my talk at @pivot_con — describing a trend of advanced collaboration among China-aligned APT groups like Earth Estries & Earth Naga. Today, we published a blog post that explores the concept in depth. trendmicro.com/en_us/researc…
Joseph Chen retweeted
TAOTH used spear phishing and a reregistered, previously abandoned update domain to infect devices of dissidents, journalists, and executives in East Asia. Our analysis details their infection methods and defense strategies. See our threat insights: ⬇️ research.trendmicro.com/4oW5…
Joseph Chen retweeted
Trend™ Research has identified Earth Lamia as an #APT threat actor that exploits vulnerabilities in web applications to gain access to organizations, using various techniques for data exfiltration. Learn more: ⬇️ research.trendmicro.com/3Hbr…
Joseph Chen retweeted
Trend Micro's @jspchc writes about an active threat actor, named Earth Lamia, targeting multiple industries in Brazil, India & Southeast Asian countries since at least 2023. The APT primarily exploits vulnerabilities in web applications for access. trendmicro.com/en_us/researc…
Joseph Chen retweeted
We released a report on a threat actor using an updated version of #Shadowpad including anti-debugging features, that in some cases deploys a custom ransomware family. We have mainly seen the manufacturing industry being targeted in Europe and Asia trendmicro.com/fr_fr/researc… #APT
Joseph Chen retweeted
Discover the threat posed by the cross-platform DarkNimbus backdoor. Earth Minotaur utilizes the MOONSHINE exploit kit to target Android and Windows devices. Read the full report on our blog: ⬇️ research.trendmicro.com/3B9E…
Joseph Chen retweeted
Trend Micro's Joseph C Chen & Daniel Lunghi investigate a group named Earth Minotaur that used the MOONSHINE exploit kit leading to the DarkNimbus Android backdoor. MOONSHINE exploit kit targets vulnerabilities in instant messaging apps on Android devices. trendmicro.com/en_us/researc…
New research from @jspchc and @thehellu uncovers a campaign leveraging the Moonshine framework to deliver Chrome Nday exploits targeting Android devices. Thanks for giving the credit to my research! #moonshine
Our latest report presents Earth Minotaur, a threat actor targeting Tibetans and Uyghurs using Moonshine, an exploitation framework for Android described in 2019 by @citizenlab leveraging vulnerabilities in applications embedding old versions of Chrome trendmicro.com/en_us/researc…
Joseph Chen retweeted
Trend Micro researchers analyse two distinct attack chains employed by the Earth Estries (aka Salt Typhoon) group that demonstrate the varied tactics, techniques and tools they use to compromise targeted systems. trendmicro.com/en_us/researc…
Joseph Chen retweeted
NEW ENTRY: In this report, we detailed how Waterbear and Deuterbear operate, including the stages of infection, command and control (C&C) interaction, and #malware component behavior. Find out more about these two malware variants here: research.trendmicro.com/Eart…

Joseph Chen retweeted
Trend Micro's @jspchc & @thehellu look into a new APT campaign, named Earth Krahang, targeting several government entities worldwide, with a strong focus on Southeast Asia. Their investigation identified multiple links between Earth Krahang & Earth Lusca. trendmicro.com/en_us/researc…