Ransom & Dark Web Issues Week 3, March 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 3, March 2026 New Threat Actor CipherForce Claims Cyberattack on South Korean Job Portal New Threat Actor Loki Emerges, Leaks US Citizens’ Personal Data Cybercrime Forum LeakBase Shut Down Again by Russian Authorities
Winos4.0 Malware Disguised as KakaoTalk Installer
Distribution Method – SEO Poisoning Typically, people perceive the sites that appear at the top of Google search results as the “most authoritative and official” sites. however, threat actors are playing on the psychology of such users, manipulating the search engine’s algorithms to place malicious sites at the top. SEO
Ransom & Dark Web Issues Week 2, March 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 2, March 2026 Qilin ransomware attack targeting a well-known dermatology clinic in South Korea and the Korean branch of a global advertising company [1], [2] KillSec and Everest ransomware attacks targeting a South Korean exhibition management platform
Ransom & Dark Web Issues Week 1, March 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 1, March 2026 Morpheus Launches Ransomware Attack on South Korean Plating Company Ailock Resumes Activity and Republishes Previous Ransomware Victims Pro-Iranian and Pro-Islamist Hacktivist Groups Launch Cyber Attacks on Middle Eastern and Pro-Western Targets [1], [2]
Ransom & Dark Web Issues Week 4, Fabruary 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 4, Fabruary 2026 Source code of a South Korean accounting automation solution provider sold on BreachForums Beast ransomware attack targeting a South Korean pharmaceutical company and battery safety component manufacturer [1], [2] Atomsilo resumes activity and
Ransom & Dark Web Issues Week 3, Fabruary 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 3, Fabruary 2026 Anubis and The Gentlemen launch ransomware attacks targeting a South Korean plastics manufacturer and an IT consulting company [1], [2] Emergence of the new ransomware group Payload ShinyHunters claims data breach involving a
Ransom & Dark Web Issues Week 2, February 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 2, February 2026 Beast, Ransomware Attack Targeting a South Korean Aerospace Component Manufacturer RipperSec, Claims of DDoS Attacks Targeting South Korean Exhibition Centers, Military Training Grounds, Associations, and Defense-related Companies [1], [2], [3], [4] NoName05716, Claims
Ransom & Dark Web Issues Week 1, Fabruary 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 1, Fabruary 2026 Qilin Targets South Korean Public Broadcaster with Ransomware Confidential Military Data from U.S. Aerospace Composites Manufacturer Sold on BreachForums ShinyHunters Leaks Data from Two Prestigious U.S. Private Universities
Ransom & Dark Web Issues Week 4, January 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 4, January 2026 New Ransomware Group 0APT and BravoX Identified [1], [2] RAMP Cybercrime Forum Domains Seized by FBI and DOJ World Leaks Targets U.S. Global Sportswear Company in Ransomware Attack
Detection of Recent RMM Distribution Cases Using AhnLab EDR
AhnLab SEcurity intelligence Center (ASEC) has recently observed an increase in attack cases exploiting Remote Monitoring and Management (RMM) tools. Whereas attackers previously exploited remote control tools during the process of seizing control after initial penetration, they now increasingly leverage RMM tools even during the initial distribution phase across diverse
