Warning Against Infostealer Infections Upon Executing Legitimate EXE Files (DLL Hijacking) Posted By KDH , November 1, 2023 Caution is advised as an Infostealer that prompts the execution of legitimate EXE files is actively being distributed. The threat actor is distributing a legitimate EXE file with a valid signature and a malicious DLL compressed in the same directory. The EXE file itself is legitimate, but when executed in the same directory as the malicious DLL, it automatically runs that malicious DLL. This technique is called DLL hijacking and is often used in the distribution of malware. The distribution…
Warning Against HWP Documents Embedded with Malicious OLE Objects Posted By yeeun , November 1, 2023 AhnLab Security Emergency response Center (ASEC) found HWP documents that were embedded with OLE objects, targeting individuals in specific sectors such as the national defense and the press. The malware is presumed to be distributed mainly through download URLs or attachments in emails. The file names of the distributed documents are relevant to the areas of national defense, unification, education, and broadcasting, suggesting that the malware targets professionals involved in these areas. The HWP documents analyzed in this post largely…
Where Has the MS Office Document Malware Gone? Posted By suuzzane , October 18, 2023 Infostealers, which steal user account credentials saved in web browsers or email clients, constitute the majority of attacks targeting general or corporate users. Related information was shared through the ASEC Blog in December of last year. [1] While the distribution method for the named malware differs slightly depending on their main features, Infostealer-type malware typically uses malicious sites disguised as pages for downloading legitimate programs as their distribution route. They are also actively distributed through spam email attachments or MS…
Lazarus Group’s Operation Dream Magic Posted By securityresponseteam , October 17, 2023 The Lazarus group is a hacking group that is known to be state-sponsored and is actively conducting hacking activities worldwide for financial gain, data theft, and other purposes. A simplified overview of the Lazarus group’s watering hole attack that abused the INISAFE vulnerability is as follows: a malicious link was inserted within a specific article on a news website. Consequently, companies and institutions that clicked on this article were targeted for hacking. The hackers exploited vulnerable Korean websites with C2…
Analysis Report on Lazarus Threat Group’s Volgmer and Scout Malware Posted By Sanseo , October 13, 2023 Overview1. Analysis of Volgmer Backdoor…. 1.1. Initial Version of Volgmer…….. 1.1.1. Analysis of Volgmer Dropper…….. 1.1.2. Analysis of Volgmer Backdoor…. 1.2. Later Version of Volgmer…….. 1.2.1. Analysis of Volgmer Backdoor2. Analysis of Scout Downloader…. 2.1. Droppers (Volgmer, Scout)…. 2.2. Analysis of Scout Downloader…….. 2.2.1. Scout Downloader v1…….. 2.2.2. Scout Downloader v23. Conclusion Table of Contents The seemingly state-sponsored Lazarus threat group has records of activity that date back to 2009. In the early days, their activities were mostly focused on…
