Ransom & Dark Web Issues Week 2, May 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 2, May 2026:
- Coinbase Claims Data Leak of South Korean Medical Ultrasound Equipment Manufacturer
- Emergence of New Data Extortion Group ‘Leak Bazaar’
- Hasan’s BreachForums and TeamPCP Host Large-Scale Supply Chain Attack Competition Using Shai-Hulud Worm
Ransom & Dark Web Issues Week 1, May 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 1, May 2026:
- Guatemalan Government Agency Data Sold on DarkForums
- BlackWater Ransomware Attack Targets Chinese Auto Parts Manufacturer
- Japanese Fintech Firm Suffers Unauthorized GitHub Access
Ransom & Dark Web Issues Week 5, April 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 5, April 2026:
- Emergence of a new ransomware group, M3RX
- Data from a South Korean religious organization sold on DarkForums
- ShinyHunters claims a data leak from a US interactive media company
Ransom & Dark Web Issues Week 3, April 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 3, April 2026:
- Emergence of New Ransomware Groups: TiMC, BlackWater, and Lamashtu [1], [2], [3]
- NoName057(16) Claims DDoS Attacks on South Korean Public & Private Sectors [1], [2], [3]
- VECT & TeamPCP Campaign: Supply Chain Attack
LOLBins – Analysis of MSBuild-Based Attack Techniques
Overview: In recent years, cyber threat actors have consistently attempted to exploit living off the land binaries (LOLBins) built into systems to bypass detection by security products. Such attack methods effectively evade traditional signature-based detection by not distributing a separate malicious file, but instead relying on tools trusted by the
Ransom & Dark Web Issues Week 2, April 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 2, April 2026:
- Emergence of New Ransomware Group ‘KryBit’
- Gunra, Ransomware Attack Targeting South Korean Pharmaceutical Company
- DragonForce, Ransomware Attack Targeting Egyptian Generic Drug Developer and Manufacturer
Ransom & Dark Web Issues Week 1, April 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 1, April 2026:
- Ransomware group NetRunner attack against the Indian subsidiary of a South Korean auto parts manufacturer
- Ransomware group Everest attack against a major Japanese automaker
- ShinyHunters claims of source code and internal data leak
Malicious LNK Files Distributing a Python-Based Backdoor and Changes in Distribution Techniques (Kimsuky Group)
Overview: AhnLab SEcurity intelligence Center (ASEC) recently identified a change in the Kimsuky group’s method of distributing malicious LNK files. The overall attack flow remains the same as before, with a malicious LNK ultimately executing a Python-based backdoor or downloader. However, a structural change was observed in the intermediate execution

