Ransomware Attacks Using RDP as the Attack Vector (Detected by EDR)

A remote desktop service refers to the feature that allows remote control of other PCs. In Windows, this service is provided by default through Remote Desktop Protocol (RDP). This means that if the target system is a Windows environment, RDP can be used to control this remote target without having

Kimsuky Targets South Korean Research Institutes with Fake Import Declaration

AhnLab Security Emergency response Center (ASEC) has recently identified that the Kimsuky threat group is distributing a malicious JSE file disguised as an import declaration to research institutes in South Korea. The threat actor ultimately uses a backdoor to steal information and execute commands. The file name of the dropper

Personal Information Sales Used as Bait to Distribute Malware

AhnLab Security Emergency response Center (ASEC) discovered a case of malware distribution using personal information sales as bait. This attack case employs a social engineering hacking technique. ASEC provides you with recently discovered circumstances of malware distribution using social engineering hacking techniques. Figure 1 shows the content of the website

Circumstances of the Andariel Group Exploiting an Apache ActiveMQ Vulnerability (CVE-2023-46604)

While monitoring recent attacks by the Andariel threat group, AhnLab Security Emergency response Center (ASEC) has discovered an attack case in which the group is assumed to be exploiting the Apache ActiveMQ remote code execution vulnerability (CVE-2023-46604) to install malware. The Andariel threat group usually targets South Korean companies and institutions,

Cryptojacking Attack Campaign Against Apache Web Servers Using Cobalt Strike

AhnLab Security Emergency response Center (ASEC) is monitoring attacks against vulnerable web servers that have unpatched vulnerabilities or are being poorly managed. Because web servers are externally exposed for the purpose of providing web services to all available users, these become major attack targets for threat actors. Major examples of

2023 Sep – Threat Trend Report on APT Groups

In this report, we cover nation-led threat groups presumed to conduct cyber espionage or sabotage under the support of the governments of certain countries, referred to as “Advanced Persistent Threat (APT) groups” for the sake of convenience. Therefore, this report does not contain information on cybercriminal groups aiming to gain

2023 Sep – Threat Trend Report on Ransomware Statistics and Major Issues

This report provides statistics on the number of new ransomware samples, targeted systems, and targeted businesses in September 2023, as well as notable ransomware issues in Korea and other countries.

Key Trends
1) Sharp Decrease in Targeted Businesses Related to CLOP Ransomware and MOVEit
2) NoEscape Ransomware and Its Imitations

2023 Sep – Threat Trend Report on Kimsuky Group

The Kimsuky group’s activities in September 2023 showed a notable surge in the RandomQuery type, while the activities of other types were relatively low or non-existent.

2023 Sep – Deep Web and Dark Web Threat Trend Report

This trend report on the deep web and dark web of September 2023 is sectioned into Ransomware, Forums & Black Markets, and Threat Actors. We would like to state beforehand that some of the content has yet to be confirmed to be true.

Ransomware
– Akira
– ALPHV (BlackCat)
–

Distribution of Malicious LNK File Disguised as Producing Corporate Promotional Materials

Recently, AhnLab Security Emergency response Center (ASEC) has identified a malicious LNK file being distributed to financial and blockchain corporation personnel through email and other ways. The malicious LNK file is distributed via URLs, and AhnLab Smart Defense (ASD) has confirmed the following URLs.

Download URLs
hxxps://file.lgclouds001[.]com/read/?[이메일 계정]&zw=블록체인%20기업%20솔루션%20편람%20제작.zip (hxxps://file.lgclouds001[.]com/read/?[email-account]&zw=blockchain%20corporate%20solution%20handbook%20production.zip)
hxxps://file.ssdrive001[.]com/read/?[이메일 계정]&zw=블록체인%20기업%20솔루션%20편람%20제작.zip (hxxps://file.ssdrive001[.]com/read/?[email-account]&zw=blockchain%20corporate%20solution%20handbook%20production.zip)