Cinobi Banking Trojan Targets Users of Cryptocurrency Exchanges with New Malvertising Campaign
released on 2021-08-11 @ 08:39:05 AM
In a previous blog entry, Trend Micro reported on a campaign, which Trend Micro labeled “Operation Overtrap,” that targeted Japan with a new banking trojan called Cinobi. The campaign, which was perpetrated by a group we named “Water Kappa,” delivered Cinobi via spam. It also delivered the trojan using the Bottle exploit kit, which included exploits for the newer Internet Explorer vulnerabilities CVE-2020-1380 and CVE-2021-26411 and was used in malvertising attacks that were distributed only to Microsoft Internet Explorer users. Throughout 2020 and the first half of 2021, we observed limited activity from the Bottle exploit kit, with traffic decreasing during the middle of June — possibly indicating that the group was turning to new tools and techniques.