Kimsuky Group launched Attack during South Korean Legislative Election Period Posted By AhnLab_en , April 10, 2020 Yesterday (April 9, 2020), AhnLab revealed that a malware in the form of an election-related document is being distributed. When running it alone, it is difficult to check whether it’s an actual election related document or not, but we found out that it can be checked via macro of another document file. Seeing that its content can be checked only in specific situations, it is assumed that the attacker targeted specific systems. This malware was confirmed to be an attack carried out…
New NEMTY Ransomware v3.1 Being Distributed in Korea (April 1, 2020) Posted By AhnLab_en , April 2, 2020 On April 1, AhnLab ASEC detected distributions of NEMTY REVENUE 3.1, which is the updated version of NEMTY ransomware. Similar to the previous version, the malware was distributed through an email attachment. Detected filenames are ‘resume’, ‘portfolio’, ‘breach of electronic commerce act,’ which are hardly changed compared to the previous version. Request for the retention of data processing and nontranscriptional resource (20200401)_retain resource to prevent unjust gain.exe Notice on violation of electronic commerce act_retain resource to prevent unjust gain.exe Resume_Kim…
Attack Technique that Utilizes the Differences Between the Extraction Methods of Each Compressor (Prompting Use of WinRAR) Posted By AhnLab_en , March 30, 2020 On March 23, ASEC analysis team has found that abnormal malicious archive files have been distributed via email. The attachment in the e-mail is ZIP extension, but it prompts the user to extract it by a specific decompressor using a message “Use Winrar.” Distributing archived malware via email is a known method. As shown in the highlighted text (Use Winrar) in Figure 1, this email prompts the user to decompress the file using ‘WinRAR.’ 2 samples distributed that way have been…
Cyberattacks Exploiting COVID-19 Continue… Posted By AhnLab_en , March 24, 2020 As health care workers battle with COVID-19 pandemic in the frontline to keep people safe, security professionals continue to combat coronavirus related malware to secure the cyber world. Government and health officials have been publishing guidelines to prevent the virus, and it comes as no surprise that hackers have been exploiting it once again. ASEC (AhnLab Security Emergency-response Center) analysts have analyzed the latest COVID-19 related malware. AhnLab’s security experts have been continuously analyzing COVID-19 related malware. According to ASEC…
Distribution of Excel File with Malicious Macro Hidden ‘Deeper’ – very hidden Posted By AhnLab_en , March 11, 2020 Malware Info Distribution of Excel File with Malicious Macro Hidden ‘Deeper’ – very hidden by AhnLab ASEC Analysis Team March 11, 2020. An excel file that used a new method to hide a malicious macro has been discovered. This file used excel 4.0 (XLM) macro sheet and took a departure from the previous method of simply hiding a malicious macro. Now, hide property cannot be removed using the normal user interface. Because it doesn’t use VBA macro code method and…
