Magniber Ransomware Being Distributed via Microsoft Edge and Google Chrome Posted By jcleebobgatenet , January 12, 2022 The ASEC analysis team has been continuously monitoring Magniber, ransomware that is distributed via Internet Explorer (IE) vulnerabilities. For the last couple of years, the attacker behind Magniber has been exploiting IE vulnerabilities to deploy ransomware. And as shown in the previous blog below, it is still being distributed by exploiting the IE vulnerabilities. What’s new, however, is that Magniber’s distribution has been confirmed on browsers other than IE: Microsoft Edge and Google Chrome. This blog post aims to explain…
Analysis Report on Kimsuky Group’s APT Attacks (AppleSeed, PebbleDash) Posted By jcleebobgatenet , January 5, 2022 This document is an analysis report on types of malware recently utilized by the Kimsuky group. The Kimsuky group is mainly known for launching social engineering attacks such as spear phishing. Judging by the names of the attached files, the group seems to be targeting those working in the fields related to North Korea and foreign affairs. According to the scan logs of AhnLab’s ASD infrastructure, the threat group has been mainly targeting personal users rather than companies, but has…
Distribution of Redline Stealer Disguised as Software Crack Posted By jcleebobgatenet , January 3, 2022 In the previous blog post, the AhnLab ASEC analysis team has mentioned malware that is searched through keywords such as cracks and serials of commercial software, urging users to take caution. While investigating a recent breach case of the internal network of a certain company, the team has discovered that the company was infected with Redline Stealer disguised as a crack for commercial software and had its VPN website and account credentials leaked. The company where the damage occurred provided…
Case of Infection With Lockis Ransomware in a Company, Caused by Not Using Anti-Malware’s Lock Policy Posted By jcleebobgatenet , January 3, 2022 Around November, one of AhnLab’s clients suffered an infection from the Lockis ransomware to several of their servers. As the targeted company suffered a malware infection despite the fact it was using the anti-malware program V3, AhnLab A-FIRST conducted a forensic analysis to find out the cause of infection. As stated in “ASEC Blog: Hacking Tool Used Together With Lockis Ransomware,” the Lockis ransomware is a variant of the GlobeImposter ransomware that first appeared on September 16th. AhnLab has been…
Hacking Tool Used With Lockis Ransomware Posted By jcleebobgatenet , January 3, 2022 AhnLab A-FIRST conducted a forensic analysis of the damaged system infected with Lockis ransomware around November. Lockis ransomware is a variant of GlobeImposter ransomware that the Russian attack group TA505 uses, and it first appeared on September 16th. The number of variants of the GlobeImposter ransomware has constantly been increasing since its first appearance in February 2017, and a total of 192 variants have been discovered so far. The attacker is known to use attack techniques such as sending malicious…
