Ransom & Dark Web Issues Week 1, April 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 1, April 2026 Ransomware group NetRunner attack against the Indian subsidiary of a South Korean auto parts manufacturer Ransomware group Everest attack against a major Japanese automaker ShinyHunters claims of source code and internal data leak
Beware of Apps with Excessive Advertising Distributed via Mobile App Stores
AhnLab’s engine development team found a number of apps on the Google Play Store and Apple App Store that disguised themselves as dealing with topics close to our daily lives, such as government policies and learning apps, and displayed excessive ads. Figure 1. Hyped apps circulating on Google Play
Malicious LNK Files Distributing a Python-Based Backdoor and Changes in Distribution Techniques (Kimsuky Group)
Overview AhnLab SEcurity intelligence Center (ASEC) recently identified a change in the Kimsuky group’s method of distributing malicious LNK files. The overall attack flow remains the same as before, with a malicious LNK ultimately executing a Python-based backdoor or downloader. However, a structural change was observed in the intermediate execution
Ransom & Dark Web Issues Week 4, March 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 4, March 2026 Japanese Automaker Suffers Personal Data Breach via Unauthorized External Access INC Ransom Targets South Korean Steel Manufacturer in Ransomware Attack LeakBase Forum Administrator Arrested in Russia
Attack Targeting MS‑SQL Servers to Deploy the ICE Cloud Scanner (Larva-26002)
AhnLab SEcurity intelligence Center (ASEC) has confirmed that the Larva-26002 threat actor continues to target improperly managed MS-SQL servers in 2026. The Larva-26002 threat actor has distributed Trigona and Mimic ransomware in the past, and has since seized control of infected systems and installed scanners. The latest confirmed attack utilizes
Ransom & Dark Web Issues Week 3, March 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 3, March 2026 New Threat Actor CipherForce Claims Cyberattack on South Korean Job Portal New Threat Actor Loki Emerges, Leaks US Citizens’ Personal Data Cybercrime Forum LeakBase Shut Down Again by Russian Authorities
Winos4.0 Malware Disguised as KakaoTalk Installer
Distribution Method – SEO Poisoning Typically, people perceive the sites that appear at the top of Google search results as the “most authoritative and official” sites. however, threat actors are playing on the psychology of such users, manipulating the search engine’s algorithms to place malicious sites at the top. SEO
Ransom & Dark Web Issues Week 2, March 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 2, March 2026 Qilin ransomware attack targeting a well-known dermatology clinic in South Korea and the Korean branch of a global advertising company [1], [2] KillSec and Everest ransomware attacks targeting a South Korean exhibition management platform
Ransom & Dark Web Issues Week 1, March 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 1, March 2026 Morpheus Launches Ransomware Attack on South Korean Plating Company Ailock Resumes Activity and Republishes Previous Ransomware Victims Pro-Iranian and Pro-Islamist Hacktivist Groups Launch Cyber Attacks on Middle Eastern and Pro-Western Targets [1], [2]
Ransom & Dark Web Issues Week 4, Fabruary 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 4, Fabruary 2026 Source code of a South Korean accounting automation solution provider sold on BreachForums Beast ransomware attack targeting a South Korean pharmaceutical company and battery safety component manufacturer [1], [2] Atomsilo resumes activity and
