RMM Tools (Syncro, SuperOps, NinjaOne, etc.) Being Distributed Disguised as Video Files
AhnLab SEcurity intelligence Center (ASEC) recently discovered cases of attacks using RMM tools such as Syncro, SuperOps, NinjaOne, and ScreenConnect. Threat actors distributed a PDF file that prompted users to download and run the RMM tool from a disguised distribution page such as Google Drive. The certificate used to sign
December 2025 Phishing Email Trends Report
This report provides the distribution quantity, statistics, trends, and case information on phishing emails, which were collected and analyzed for one month in December 2025. The following statistics and cases are included in the original report. 1) Statistics of phishing email threats In December 2025, the most common type of
In-Depth Analysis Report on LockBit 5.0: Operation and Countermeasures
Since its first appearance in September 2019, LockBit has been known as one of the most notorious and active Ransomware-as-a-Service (RaaS) groups worldwide. LockBit operates on the RaaS model and is characterized by sophisticated encryption technology and automated propagation capabilities. Initial access is typically gained through vulnerability exploits, brute force
xRAT (QuasarRAT) Malware Being Distributed Through Webhard (Adult Games)
AhnLab SEcurity intelligence Center (ASEC) recently discovered that the xRAT (QuasarRAT) malware is being distributed through a webhard disguised as an adult game. In Korea, webhard services are one of the most commonly used platforms for distributing malware. Typically, threat actors use malware that is easily accessible, such as
GeoServer, Where Various CoinMiner Attacks Occur
AhnLab SEcurity intelligence Center (ASEC) previously covered the case of threat actors exploiting the GeoServer vulnerability to install CoinMiner and NetCat through the “CoinMiner Attacks Exploiting GeoServer Vulnerability” blog. [1] The threat actors have been continuously targeting vulnerable GeoServers to install CoinMiner. This post will cover the identified cases of
November 2025 Threat Trend Report on Ransomware
This report provides the number of affected systems confirmed during November 2025, DLS-based ransomware-related statistics, and notable ransomware issues in Korea and abroad. Below is a summary of some information. The statistics on the number of ransomware samples and affected systems are based on the diagnostic names assigned by
November 2025 Infostealer Trend Report
This report provides statistics, trends, and case information on Infostealer malware collected and analyzed during the month of November 2025, including distribution volume, distribution channels, and disguising techniques. The following is a summary of the report. 1) Data Source and Collection Method The AhnLab SEcurity intelligence Center (ASEC)
November 2025 Security Issues in Korean and Global Financial Sector
This report comprehensively covers real-world cyber threats and security issues that have occurred in the financial industry in Korea and worldwide. It includes an analysis of malware and phishing cases targeting the financial industry, a list of the top 10 malware strains targeting the industry, and statistics on the sectors
November 2025 Trends Report on Phishing Emails
This report provides statistics, trends, and case information on the distribution volume, attachment threats, and other aspects of phishing emails collected and analyzed for one month in November 2025. The following are some of the statistics and cases included in the original report. 1) Statistics of Phishing Email Threats In
Distribution of EtherRAT Malware Exploiting React2Shell Vulnerability (CVE-2025-55182)
AhnLab SEcurity intelligence Center (ASEC) recently discovered an advanced malware distribution campaign using Node.js while tracking the recently disclosed React2Shell vulnerability. This attack installs EtherRAT through multiple stages, with the ultimate goal of gaining a foothold, stealing information, and stealing cryptocurrency. After the threat actor accessed the IP address

