Security Issues in Korean & Global Financial Sector – Malware, Phishing, Deep Web & Dark Web cases in March 2024

Statistics on Malware Distributed to Financial Sectors   Statistics on Korean Accounts Exfiltrated Via Telegram by Industry   Phishing Email Distribution Cases Targeting the Financial Sector   Case 1. Targeting Korea Investment & Securities Co., Ltd. employees by disguising as a voice mail Impersonation target Voice mail How the Phishing

Threat Actors Hack YouTube Channels to Distribute Infostealers (Vidar and LummaC2)

AhnLab SEcurity intelligence Center (ASEC) recently found that there are a growing number of cases where threat actors use YouTube to distribute malware. The attackers do not simply create YouTube channels and distribute malware—they are stealing well-known channels that already exist to achieve their goal. In one of the cases,

Rhadamanthys Malware Disguised as Groupware Installer (Detected by MDS)

Recently, AhnLab SEcurity intelligence Center (ASEC) discovered the distribution of Rhadamanthys under the guise of an installer for groupware. The threat actor created a fake website to resemble the original website and exposed the site to the users using the ad feature in search engines. ASEC Blog has previously covered

“Hey, This Isn’t the Right Site!” Distribution of Malware Exploiting Google Ads Tracking

AhnLab SEcurity intelligence Center (ASEC) has recently detected a malware strain being distributed by using the Google Ads tracking feature. The confirmed cases show that the malware is being distributed by disguising itself as an installer for popular groupware such as Notion and Slack. Once the malware is installed and

Malware Disguised as Installer from Korean Public Institution (Kimsuky Group)

AhnLab SEcurity intelligence Center (ASEC) recently discovered the Kimsuky group distributing malware disguised as an installer from a Korean public institution. The malware in question is a dropper that creates the Endoor backdoor, which was also used in the attack covered in the previous post, “TrollAgent That Infects Systems Upon

Infostealers Extorting Web Browser Account Credentials Detected by AhnLab EDR

Web browsers are some of the programs most commonly and frequently used by PC users. Users generally use browsers to look up information, send and receive emails, and use web services such as shopping. This is the case for both individual users and employees conducting business in companies. To use

Warning Against Infostealer Disguised as Installer

The StealC malware disguised as an installer is being distributed en masse. It was identified as being downloaded via Discord, GitHub, Dropbox, etc. Considering the cases of distribution using similar routes, it is expected to redirect victims multiple times from a malicious webpage disguised as a download page for a

CryptoWire with Decryption Key Included

AhnLab SEcurity intelligence Center (ASEC) recently discovered the distribution of CryptoWire, a ransomware that was once viral in 2018. CryptoWire is mainly distributed via phishing emails and is made using AutoIt script. Main Features: The ransomware copies itself to the path “C\Program Files\Common Files,” and registers a schedule

Threat Trend Report on APT Attacks (South Korea) – February 2024 Major Issues on APT Attacks

Overview: AhnLab monitors Advanced Persistent Threat (APT) attacks targeting South Korean entities using its infrastructure. This report will cover the classification and statistics of APT attacks in South Korea detected during February 2024, and introduce their features by type. Figure 1. Statistics on APT attacks in South Korea in

Threat Trend Report on Ransomware – Statistics and Major Issues in February 2024

Purpose and Scope: This report provides statistics on the number of new ransomware samples, number of targeted systems, and targeted companies collected in February 2024, as well as major Korean and international ransomware issues worth noting. Major ransomware-related issues and ransomware-specific statistical information other than those mentioned in this report