Threat Trend Report on Region-Specific Ransomware
Background: Currently, ransomware creators include individuals, cybercriminal gangs and state-supported groups. Of these, cybercriminal gangs are the most active in ransomware development, while individuals and state-supported groups are less so. Privately developed ransomware is most often for research purposes with the intention of destroying
Dalbit (m00nlight): Chinese Hacker Group’s APT Attack Campaign
0. Overview: This report is a continuation of the “Attackers Using FRP (Fast Reverse Proxy) to Attack Korean Companies” post that was uploaded on August 16, 2022, and follows the group’s activities since that post. This group has always relied on open-source tools and has lacked any distinct characteristics to profile
Quasar RAT Being Distributed by Private HTS Program
The ASEC analysis team has recently discovered the distribution of Quasar RAT through a private Home Trading System (HTS). No information could be found when looking up the HTS called HPlus that was used in the attack. Furthermore, the company’s name could not be found even in the clause of
Sliver Malware With BYOVD Distributed Through Sunlogin Vulnerability Exploitations
Sliver is an open-source penetration testing framework written in the Go programming language. Cobalt Strike and Metasploit are the best-known penetration testing tools abused by threat actors, and various attack cases involving these tools have been covered here on the ASEC blog. Recently, there have been cases of
How Similar Is the Microsoft Account-stealing Phishing Page to the Actual Page?
Many corporations and users both in and outside Korea use Microsoft accounts to access major services offered by Microsoft, including Outlook, Office, OneDrive, and Windows. A single integrated login gives users easy access to every Microsoft service linked to their account. What does this mean for the threat actor? There is no
A Case of Malware Infection by the Lazarus Attack Group Disabling Anti-Malware Programs With the BYOVD Technique
In the ASEC blog post uploaded in April 2022 (New Malware of Lazarus Threat Actor Group Exploiting INITECH Process, https://asec.ahnlab.com/en/33801/), the team showed that the Lazarus attack group had been exploiting the INITECH process to infect systems with malware. This article aims to cover the details of the
Follina Vulnerability (CVE-2022-30190) Attack Using ‘Antimicrobial Film Request’ File
On June 7th, the ASEC analysis team promptly uploaded a brief introduction of a zero-day vulnerability in Microsoft Office files (Follina). As a patch for the vulnerability has not been released yet, users are advised to take caution. Caution! Microsoft Office Zero-day Vulnerability Follina (CVE-2022-30190) AhnLab has distributed a detection rule
Why Remediation Alone Is Not Enough When Infected by Malware
In January 2022, a prominent Korean company in the manufacturing industry had many of its internal systems infected by the Darkside ransomware. As the ransomware was found to have been distributed through Active Directory (AD) group policy, AhnLab attempted to conduct a forensic analysis of the domain controller (DC) server. However, as the virtual environment operating
Magniber Ransomware Being Distributed via Microsoft Edge and Google Chrome
The ASEC analysis team has been continuously monitoring Magniber, a ransomware family that is distributed via Internet Explorer (IE) vulnerabilities. For the last couple of years, the attacker behind Magniber has been exploiting IE vulnerabilities to deploy the ransomware. As shown in the previous blog post below, it is still being distributed by
Analysis Report of Lazarus Group’s NukeSped Malware
AhnLab Security Emergency response Center (ASEC) is releasing an analysis report of the Lazarus group’s attacks observed from around 2020 until recently. The malware discussed here is known as NukeSped, a backdoor that can perform various malicious behaviors by receiving commands from the attacker. This report will present the analysis of