Threat Actors’ Systems Can Also Be Exposed and Used by Other Threat Actors

Cyberattacks include not only Advanced Persistent Threat (APT) attacks targeting a few specific companies or organizations but also scan attacks targeting multiple random servers connected to the Internet. This means that threat actors’ infrastructure can itself become the target of cyberattacks, alongside companies, organizations, and personal users.

XMRig CoinMiner Installed via Game Emulator

AhnLab SEcurity intelligence Center (ASEC) recently found that XMRig CoinMiner is being distributed through a game emulator. Similar cases have been covered multiple times in previous ASEC Blog posts, as shown below.

Orcus RAT Being Distributed Disguised as a Hangul Word Processor Crack
Monero CoinMiner Being Distributed via Webhards
XMRig CoinMiner Installed

XWorm v5.6 Malware Being Distributed via Webhards

While monitoring the distribution sources of malware in Korea, AhnLab SEcurity intelligence Center (ASEC) recently found that the XWorm v5.6 malware disguised as adult games is being distributed via webhards. Webhards and torrents are platforms commonly used for the distribution of malware in Korea.

1. Overview

Attackers normally use easily

Analysis of APT Attack Cases Using Dora RAT Against Korean Companies (Andariel Group)

AhnLab SEcurity intelligence Center (ASEC) has recently discovered Andariel APT attack cases against Korean corporations and institutes. Targeted organizations included educational institutes and manufacturing and construction businesses in Korea. In addition to the backdoor, keylogger, infostealer, and proxy tools were used in the attacks. The threat actor probably used these

Analysis Report on TargetCompany Threat Actor’s Attack Against MS-SQL Servers Using Remcos RAT

Overview

AhnLab SEcurity intelligence Center (ASEC) monitors attacks against poorly managed MS-SQL servers. TargetCompany is one of the threat actors who target account credentials that are exposed to the Internet and are vulnerable to brute force and dictionary attacks. TargetCompany has been installing ransomware constantly for years on MS-SQL

Threat Trend Report on APT Attacks (South Korea) – April 2024 Major Issues on APT Attacks Against South Korea

Overview

AhnLab has been using AhnLab Smart Defense (ASD) to monitor advanced persistent threat (APT) attacks against targets in South Korea. This report discusses the categorization and statistics of APT attacks against Korean targets in April 2024 as well as the features of each type.

Figure 1. Statistics

Distribution of Malware Under the Guise of MS Office Cracked Versions (XMRig, OrcusRAT, etc.)

Through a post titled “Orcus RAT Being Distributed Disguised as a Hangul Word Processor Crack” [1], AhnLab SEcurity intelligence Center (ASEC) previously disclosed an attack case in which a threat actor distributed RAT and CoinMiner to Korean users. Until recently, the attacker created and distributed various malware strains, such as

Threat Trend Report on Ransomware – Statistics and Major Issues in April 2024

Purpose and Scope

This report provides statistics on the number of new ransomware samples, targeted systems, and targeted businesses in April 2024, as well as notable ransomware issues in Korea and other countries. Other major issues and statistics for ransomware that are not mentioned in the report can be

Security Issues in Korean & Global Financial Sector – Malware, Phishing, Deep Web & Dark Web cases in April 2024

Statistics on Malware Distributed to Financial Sectors

Statistics on Korean Accounts Exfiltrated Via Telegram by Industry

Phishing Email Distribution Cases Targeting the Financial Sector

Case 1. Targeting Yuanta Securities employees using the guise of product orders
Impersonation target – Product order
How the phishing attack

ViperSoftX Uses Deep Learning-based Tesseract to Exfiltrate Information

AhnLab SEcurity intelligence Center (ASEC) has recently discovered ViperSoftX attackers using Tesseract to exfiltrate users’ image files. ViperSoftX is a malware strain responsible for residing on infected systems and executing the attackers’ commands or stealing cryptocurrency-related information. The malware newly discovered this time utilizes the open-source OCR engine Tesseract. Tesseract