Kimsuky Targets South Korean Research Institutes with Fake Import Declaration Posted By kwonxx , November 30, 2023 AhnLab Security Emergency response Center (ASEC) has recently identified that the Kimsuky threat group is distributing a malicious JSE file disguised as an import declaration to research institutes in South Korea. The threat actor ultimately uses a backdoor to steal information and execute commands. The file name of the dropper disguised as an import declaration is as follows. The file contains an obfuscated PowerShell script, a Base64-encoded backdoor file, and a legitimate PDF file. A legitimate PDF file is saved…
Personal Information Sales Used as Bait to Distribute Malware Posted By EASTSTON3 , November 30, 2023 AhnLab Security Emergency response Center (ASEC) discovered a case of malware distribution using personal information sales as bait. This attack case employs a social engineering hacking technique. ASEC provides you with recently discovered circumstances of malware distribution using social engineering hacking techniques. Figure 1 shows the content of the website used by the threat actor as a distribution site, with multiple files. Most of the files contain personal information, and the file names include investment-related keywords such as ‘reading,’ ‘unlisted,’…
Circumstances of the Andariel Group Exploiting an Apache ActiveMQ Vulnerability (CVE-2023-46604) Posted By Sanseo , November 27, 2023 While monitoring recent attacks by the Andariel threat group, AhnLab Security Emergency response Center (ASEC) has discovered the attack case in which the group is assumed to be exploiting Apache ActiveMQ remote code execution vulnerability (CVE-2023-46604) to install malware. The Andariel threat group usually targets South Korean companies and institutions, and the group is known to be either in a cooperative relationship of the Lazarus threat group, or a subsidiary group of Lazarus. Their attacks against South Korea were first…
Distribution of Malicious LNK File Disguised as Producing Corporate Promotional Materials Posted By ch.lim , November 20, 2023 Recently, AhnLab Security Emergency response Center (ASEC) has identified a malicious LNK file being distributed to financial and blockchain corporation personnel through email and other ways. The malicious LNK file is distributed via URLs and AhnLab Smart Defense (ASD) has confirmed the following URLs. The file being downloaded is a compressed file named “Blockchain Corporate Solution Handbook Production.zip”. The threat actor alternately uploaded a malicious file and a legitimate file at the URLs, causing confusion in analysis. When the malicious…
Circumstances of an Attack Exploiting an Asset Management Program (Andariel Group) Posted By song.th , November 20, 2023 The ASEC analysis team identified the circumstances of the Andariel group distributing malware via an attack using a certain asset management program. The Andariel group is known to be in a cooperative relationship with or a subsidiary organization of the Lazarus group. The Andariel group usually launches spear phishing, watering hole, or supply chain attacks for initial penetration. There is also a case where the group exploited a central management solution during the malware installation process. Recently, the Andariel group…
