Files Locked Behind a White Padlock: A Warning from WhiteLock Ransomware

Files Locked Behind a White Padlock: A Warning from WhiteLock Ransomware

If files start getting locked one by one and even remote access tools stop working, your system may already be infected with ransomware. The recently identified WhiteLock ransomware encrypts key files on Windows systems and then generates a ransom note demanding payment. A key characteristic of this ransomware is that it communicates with external servers […]

Vidar Infostealer Being Spread through Phishing Emails

Vidar Infostealer Being Spread through Phishing Emails

1. Overview First identified in 2018, Vidar operates under a Malware-as-a-Service (MaaS) model and continues to be distributed through various attack cases to this day. AhnLab SEcurity intelligence Center (ASEC) has been monitoring cases of Vidar distribution targeting Korea, and this report summarizes the Vidar distribution cases identified in the first half of 2026.    […]

May 2026 Threat Trend Report on APT Attacks (South Korea)

May 2026 Threat Trend Report on APT Attacks (South Korea)

Overview AhnLab monitored APT (Advanced Persistent Threat) attacks—covert, sustained targeted attacks—using its own infrastructure. This report summarizes the types and statistics on domestic APT attacks identified during the month of May 2026 and discusses the characteristics of each type as well as AhnLab Response Overview. Trends of APT Attacks in South Korea Most of the […]

What is the true nature of the shortcut file I thought was a privacy consent form?

What is the true nature of the shortcut file I thought was a privacy consent form?

Evidence has recently emerged that Malicious Files posing as “Consent Forms for the Collection and Use of Personal Information” have been circulating. Threat actors use file names that are easily mistaken for work documents to trick users into running them. These files are not actual documents but shortcut files; when executed, they collect PC information […]

It looks like a normal resume, but the infection begins the moment it is opened.

It looks like a normal resume, but the infection begins the moment it is opened.

Malicious shortcut files disguised as resume files have recently been circulating, requiring corporate users to exercise caution. Threat actors name the files to resemble resume documents containing company names and job titles, and when executed, they display a legitimate decoy file alongside the malicious file to lower the user’s suspicion. The file then downloads additional […]

May 2026 Infostealer Trend Report

May 2026 Infostealer Trend Report

Content This report summarizes the distribution channels, number of infostealers, number of detections, target companies, and execution types of new infostealers collected during the month of May 2026. The collected samples were analyzed based on data from AhnLab SEcurity intelligence Center (ASEC)’s automated data collection system, Email Honeypot system, automated malware C2 analysis system, and […]

May 2026 Threat Trend Report on APT Groups

May 2026 Threat Trend Report on APT Groups

Purpose and Scope The May 2026 APT Trends report identified supply chain attacks, developer environment attacks, automated Initial Breach, and exploitation of runtime environments as key developments. Lazarus, Famous Chollima, Gamaredon, MuddyWater, and Nimbus Manticore are of particular concern. Status of Major APT Groups by Region North Korea The Lazarus group exploited Git Hooks (Git […]

Files Locked Behind a White Padlock: A Warning from WhiteLock Ransomware

If files start getting locked one by one and even remote access tools stop working, your system may already be infected with ransomware. The recently identified WhiteLock ransomware encrypts key files on Windows systems and then generates a ransom note demanding payment. A key characteristic of this ransomware is that it communicates with external servers […]

Vidar Infostealer Being Spread through Phishing Emails

1. Overview First identified in 2018, Vidar operates under a Malware-as-a-Service (MaaS) model and continues to be distributed through various attack cases to this day. AhnLab SEcurity intelligence Center (ASEC) has been monitoring cases of Vidar distribution targeting Korea, and this report summarizes the Vidar distribution cases identified in the first half of 2026.    […]

AhnLab Public Content

Check out the publicly available content published by ASEC​

AhnLab TIP Member Exclusive Content

Preview excerpts of AhnLab TIP member-exclusive content

This content is a premium report exclusive to AhnLab TIP members.
You can view an excerpt here, and the full report is available only to AhnLab TIP members.

Q2 2026 Vulnerability Trends Report

Summary of Vulnerability Trends for the Second Quarter of 2026 A total of 20,701 new CVEs were reported in the second quarter of 2026. Of these, 2,317 were “Critical” vulnerabilities with a CVSS score of 9.0 Or higher, accounting for 11.2% Of the total. Medium- and high-risk vulnerabilities, including those rated “High,” accounted for 51.7% […]

Q2 2026 Statistical Report on Malware Targeting Windows Web Servers

Content In the second quarter of 2026, the AhnLab SEcurity intelligence Center (ASEC) compiled an analysis of the current attack status for poorly managed Windows web servers and classified the malware used in these attacks. The targets were Internet Information Services (IIS) web servers and Apache Tomcat web servers running in Windows environments. Purpose and […]

Q2 2026 Attack Techniques Trend Report

Overview. The second quarter of 2026 was marked by a notable increase in actual exploits that targeted public assets, identities, and AI stacks. The number of CISA KEV listings reached 75, an increase of approximately 27% compared to the same period in 2025. Primary targets included web and server applications, endpoints, network perimeter devices, and […]

Statistical Report on Malware Targeting Linux SSH Servers in the Second Quarter of 2026

Content In the second quarter of 2026, the AhnLab SEcurity intelligence Center (ASEC) collected and analyzed attack logs targeting poorly managed Linux SSH servers through honeypots. The scope of the analysis covers attack sources that progressed to executing actual malware installation commands, as well as statistics on the malware used in those attacks. Purpose and […]

Statistical Report on Malware Targeting Windows Database Servers in the Second Quarter of 2026

Contents The AhnLab SEcurity intelligence Center (ASEC) analyzed attack logs from the second quarter of 2026 targeting MS-SQL server and MySQL server installations on Windows. This report summarizes the damage status, attack status, and the classification of the malware and tools used in the attacks. Purpose and Scope The targets are MS-SQL servers and MySQL […]

May 2026 Threat Trend Report on APT Attacks (South Korea)

Overview AhnLab monitored APT (Advanced Persistent Threat) attacks—covert, sustained targeted attacks—using its own infrastructure. This report summarizes the types and statistics on domestic APT attacks identified during the month of May 2026 and discusses the characteristics of each type as well as AhnLab Response Overview. Trends of APT Attacks in South Korea Most of the […]