Threat Trend Report on Kimsuky – April 2023

The Kimsuky group’s activities in April 2023 showed a decline in comparison to their activities in March, falling under half the number of the previous month. Korean domains were used for FlowerPower like before without major changes, and the RandomQuery type also remained the same. Lastly, we confirmed that the

CVE Trend Report – March 2023 Vulnerability Statistics and Major Issues

Following the recent abuse of vulnerabilities in various malware distributions and attacks, it is becoming more crucial to detect said information early on. Zero-day and other various vulnerabilities are typically spread faster through social networks. AhnLab provides the trend of current vulnerabilities through the ATIP service based on the information

March 2023 Threat Trend Report on Kimsuky Group

The Kimsuky group’s activities in March 2023 showed a decline in comparison to their activities in February. Unlike the past where most major issues were found in the FlowerPower type, this month was focused on the RandomQuery type, which showed the highest amount of activity. The FlowerPower type began to

Threat Trend Report on Ransomware – March 2023

This report provides statistics on new ransomware samples, attacked systems, and targeted businesses in March 2023, as well as notable ransomware issues in Korea and overseas. Other major issues and statistics for ransomware that are not mentioned in the report can be found by searching for the following keywords or

March 2023 Deep Web & Dark Web Threat Trend Report

This trend report on the deep web and dark web of March 2023 is sectioned into Ransomware, Forum & Black Market, and Threat Actor. We would like to state beforehand that some of the content has yet to be confirmed to be true. 1) Ransomware (1) Clop Ransomware (2) BlackCat

February 2023 Threat Trend Report on Kimsuky Group

Overview The Kimsuky group’s activities in February 2023 were very significant in comparison to their activities in January. Many new types were discovered, including a variant of FlowerPower which stole information stored in browsers via the GitHub API, a DLL version of xRAT, and a new type of RAT called

January 2023 Threat Trend Report on Kimsuky Group

Overview The Kimsuky group’s activities in January 2023 were not so different from the past, and there were no prominent issues. However, it had been identified that AppleSeed and a tunnel program called ngrok were being distributed on a normal Korean website. The types of Fully Qualified Domain Name (FQDN)

Shadow Force Group’s Viticdoor and CoinMiner

The Shadow Force group is a threat group that has been active since 2013, targeting corporations and organizations in South Korea. Trend Micro revealed the first analysis report in September 2015, where it stated that a Korean media-related company had been attacked. In March 2020, AhnLab published an analysis report

2022 Threat Trend Report on Kimsuky

In comparison to 2021, 2022 was a year filled with invisible activities, new attack types, Fully Qualified Domain Names (FQDN), and attack preparations. AhnLab identified a significantly higher number of these activities in comparison to 2021. One of these cases involved an incorrect configuration of C2 servers, causing the files

Unique characteristics of Kimsuky group’s spear phishing emails

A unique difference with the past cases was discovered during the analysis of the Kimsuky group’s spear phishing URLs. Until now, the group used Fully Qualified Domain Names (FQDN) disguised as famous Korean web portals. An analysis of the URLs collected during the past two months revealed multiple new FQDNs