Threat Trend Report on Ransomware – Statistics and Major Issues in March 2024
Purpose and Scope This report provides statistics on the number of new ransomware samples, targeted systems, and targeted businesses in March 2024, as well as notable ransomware issues in Korea and other countries. Other major issues and statistics for ransomware that are not mentioned in the report can be
Statistical Report on Malware Targeting Linux SSH Servers in Q1 2024
Overview AhnLab SEcurity intelligence Center (ASEC) uses honeypots to respond to and categorize brute force or dictionary attacks targeting poorly managed Linux SSH servers. This report will cover the status of attack sources identified in the first quarter of 2024 based on logs, as well as statistics on attacks
Statistical Report on Malware Targeting MS-SQL Servers in Q1 2024
Overview The ASEC analysis team uses the AhnLab Smart Defense (ASD) infrastructure to categorize and respond to attacks on vulnerable MS-SQL servers. This report will cover the current state of damage to MS-SQL servers which have become the target of attacks based on the logs discovered in Q1 2024,
Statistical Report on Malware Targeting Windows Web Servers in Q1 2024
Overview AhnLab SEcurity intelligence Center (ASEC) uses the AhnLab Smart Defense (ASD) infrastructure to respond to and classify attacks on poorly managed Windows web servers. This report covers the current state of damage to Windows web servers which have become the target of attacks based on the logs identified
“Totally Unexpected” Package Malware Using Modified Notepad++ Plug-in (WikiLoader)
AhnLab SEcurity intelligence Center (ASEC) has recently identified the distribution of a modified version of “mimeTools.dll”, a default Notepad++ plug-in. The malicious mimeTools.dll file in question was included in the package installation file of a certain version of the Notepad++ package and disguised as a legitimate package file. As shown
Metasploit Meterpreter Installed via Redis Server
AhnLab SEcurity intelligence Center (ASEC) recently discovered that the Metasploit Meterpreter backdoor has been installed via the Redis service. Redis is an abbreviation of Remote Dictionary Server, which is an open-source in-memory data structure storage that is also used as a database. It is presumed that the threat actors abused
Security Issues in Korean & Global Financial Sector – Malware, Phishing, Deep Web & Dark Web cases in March 2024
Statistics on Malware Distributed to Financial Sectors Statistics on Korean Accounts Exfiltrated Via Telegram by Industry Phishing Email Distribution Cases Targeting the Financial Sector Case 1. Targeting Korea Investment & Securities Co., Ltd. employees by disguising as a voice mail Impersonation target Voice mail How the Phishing
Threat Actors Hack YouTube Channels to Distribute Infostealers (Vidar and LummaC2)
AhnLab SEcurity intelligence Center (ASEC) recently found that there are a growing number of cases where threat actors use YouTube to distribute malware. The attackers do not simply create YouTube channels and distribute malware—they are stealing well-known channels that already exist to achieve their goal. In one of the cases,
Rhadamanthys Malware Disguised as Groupware Installer (Detected by MDS)
Recently, AhnLab SEcurity intelligence Center (ASEC) discovered the distribution of Rhadamanthys under the guise of an installer for groupware. The threat actor created a fake website to resemble the original website and exposed the site to the users using the ad feature in search engines. ASEC Blog has previously covered
“Hey, This Isn’t the Right Site!” Distribution of Malware Exploiting Google Ads Tracking
AhnLab SEcurity intelligence Center (ASEC) has recently detected a malware strain being distributed by using the Google Ads tracking feature. The confirmed cases show that the malware is being distributed by disguising itself as an installer for popular groupware such as Notion and Slack. Once the malware is installed and
