Ransom & Dark Web Issues Week 5, April 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 5, April 2026 Emergence of a new ransomware group, M3RX Data from a South Korean religious organization sold on DarkForums ShinyHunters claims a data leak from a US interactive media company
Ransom & Dark Web Issues Week 4, April 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 4, April 2026 ShinyHunters Claims Data Breach Involving Major U.S. Convenience Store Chain ShinyHunters Claims Theft of Internal Data and Source Code from U.S. Software Development Firm Emergence of New Data Extortion Group: Prinz Eugen
Ransom & Dark Web Issues Week 3, April 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 3, April 2026 Emergence of New Ransomware Groups: TiMC, BlackWater, and Lamashtu [1], [2], [3] NoName05716 Claims DDoS Attacks on South Korean Public & Private Sectors [1], [2], [3] VECT & TeamPCP Campaign: Supply Chain Attack
LOLBins – Analysis of MSBuild-Based Attack Techniques
Overview In recent years, cyber threat actors have consistently attempted to exploit living off the land binaries (LOLBins) built into systems to bypass detection by security products. Such attack methods effectively evade traditional signature-based detection by not distributing a separate malicious file, but instead relying on tools trusted by the
Ransom & Dark Web Issues Week 2, April 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 2, April 2026 Emergence of New Ransomware Group ‘KryBit’ Gunra, Ransomware Attack Targeting South Korean Pharmaceutical Company DragonForce, Ransomware Attack Targeting Egyptian Generic Drug Developer and Manufacturer
Ransom & Dark Web Issues Week 1, April 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 1, April 2026 Ransomware group NetRunner attack against the Indian subsidiary of a South Korean auto parts manufacturer Ransomware group Everest attack against a major Japanese automaker ShinyHunters claims of source code and internal data leak
Beware of Apps with Excessive Advertising Distributed via Mobile App Stores
AhnLab’s engine development team found a number of apps on the Google Play Store and Apple App Store that disguised themselves as dealing with topics close to our daily lives, such as government policies and learning apps, and displayed excessive ads. Figure 1. Hyped apps circulating on Google Play
Malicious LNK Files Distributing a Python-Based Backdoor and Changes in Distribution Techniques (Kimsuky Group)
Overview AhnLab SEcurity intelligence Center (ASEC) recently identified a change in the Kimsuky group’s method of distributing malicious LNK files. The overall attack flow remains the same as before, with a malicious LNK ultimately executing a Python-based backdoor or downloader. However, a structural change was observed in the intermediate execution
Ransom & Dark Web Issues Week 4, March 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 4, March 2026 Japanese Automaker Suffers Personal Data Breach via Unauthorized External Access INC Ransom Targets South Korean Steel Manufacturer in Ransomware Attack LeakBase Forum Administrator Arrested in Russia
Attack Targeting MS‑SQL Servers to Deploy the ICE Cloud Scanner (Larva-26002)
AhnLab SEcurity intelligence Center (ASEC) has confirmed that the Larva-26002 threat actor continues to target improperly managed MS-SQL servers in 2026. The Larva-26002 threat actor has distributed Trigona and Mimic ransomware in the past, and has since seized control of infected systems and installed scanners. The latest confirmed attack utilizes
