APT Attack Being Distributed as Windows Help File (*.chm)
The ASEC analysis team has recently discovered the distribution of malware disguised as a Windows Help File (*.chm), specifically targeting Korean users. The CHM file is a compiled HTML Help file that is executed via the Microsoft® HTML help executable program. The recently discovered CHM file downloads additional malicious files
Malicious HWP File Disguised as Press Release of 20th Presidential Election Early Voting for Sailors Being Distributed
The ASEC analysis team has discovered distribution of malicious HWP file disguised as “Press Release of 20th Presidential Election Early Voting for Sailors” as the presidential election draws near. The attacker distributed the malicious HWP file on February 28th, and though the team could not get the file in the
APT Attack Attempts Disguised as North Korea Related Paper Requirements (Kimsuky)
The ASEC analysis team has recently discovered the distribution of malicious Word (DOC) files to graduate school professors that are disguised as North Korea-related paper requirements. The name of the Word file is shown below. The term ‘KIMA’ mentioned in the filename is the name of the monthly magazine specializing
Distribution of Kimsuky Group’s xRAT (Quasar RAT) Confirmed
On January 26th, 2022, the ASEC analysis team has discovered that the Kimsuky group was using the xRAT (Quasar RAT-based open-source RAT) malware. xRAT Github Address: https://github.com/tidusjar/xRAT According to the logs collected by AhnLab’s ASD (AhnLab Smart Defense) infrastructure, the attacker installed a variant of Gold Dragon on the first
North Korea-related Hangul Word Processor (HWP) File Being Distributed
The ASEC analysis team has recently discovered that North Korea-related HWP file was being distributed. The operation method is not through a vulnerability, but instead, a hyperlink is inserted on the screen the user is exposed to upon running the file, prompting the user to click, and upon clicking, executables
APT Attack Cases of Kimsuky Group (PebbleDash)
The ASEC analysis team has been keeping an eye on the trend of malware that attempts APT attacks, sharing findings on the blog. In this confirmed case, PebbleDash backdoor was used in the attack, but logs of AppleSeed, Meterpreter, and other additional malware strains were also found. PebbleDash Backdoor The
North Korea-related Malicious Document Files Using CVE-2021-40444 Vulnerability
The ASEC analysis team has recently discovered the distribution of malicious files that include a new vulnerability CVE-2021-40444 which was revealed by Microsoft in September. It is noteworthy that the confirmed document files are all North Korea-related materials. North Korea-related malicious files have been evolving in new ways since the past. Seeing
Analysis Report on Kimsuky Group’s APT Attacks (AppleSeed, PebbleDash)
This document is an analysis report on types of malware recently utilized by the Kimsuky group. The Kimsuky group is mainly known for launching social engineering attacks such as spear phishing. Judging by the names of the attached files, the group seems to be targeting those working in the fields
Malicious Word Files with External Links of Similar Domain Form
Most malicious Word files that have been discovered in attacks contained macro, however, the ASEC analysis team has discovered a case where an external link connecting to an active C2 was used in a superior attack process to execute the malicious Word macro. This method was introduced in a previous
Phishing PDF Files with CAPTCHA Screen Being Mass-distributed
Phishing PDF files that have CAPTCHA screens are rapidly being mass-distributed this year. A CAPTCHA screen appears upon running the PDF file, but it is not an invalid CAPTCHA. It is simply an image with a link that redirects to a malicious URL. Related types that have been collected by

