2023 Oct – Deep Web and Dark Web Threat Trend Report Posted By ahnlabti , December 8, 2023 This trend report on the deep web and dark web of October 2023 is sectioned into Ransomware, Forums & Black Markets, and Threat Actors. We would like to state beforehand that some of the content has yet to be confirmed to be true. Ransomware – Rebrand of Hive? Hunters International – NoEscape Ransomware Gang – RagnarLocker DLS Shut Down – Trigona Disappears Forum & Black Market – 23andMe Database Leaked and Being Sold – Breach of Okta’s Support System Detected…
2023 Oct – Threat Trend Report on Kimsuky Group Posted By ahnlabti , December 8, 2023 The Kimsuky group’s activities in October 2023 decreased slightly in comparison to their overall activities in September. One phishing domain was discovered, but because it uses the BabyShark infrastructure, it was classified as the BabyShark type. There was also a compound type where FlowerPower and RandomQuery were distributed simultaneously. Finally, more changes to the FlowerPower system via script fragmentation were observed. 2023_Oct_Threat Trend Report on Kimsuky Group
2023 Oct – Threat Trend Report on Ransomware Statistics and Major Issues Posted By ahnlabti , December 8, 2023 This report provides statistics on the number of new ransomware samples, targeted systems, and targeted businesses in October 2023, as well as notable ransomware issues in Korea and other countries. Key Trends 1) HelloKitty Ransomware’s Source Code Leaked 2) Ransomware Attacks Against Unpatched WS_FTP Server 3) BlackCat Ransomware Uses ‘Munchkin’ Alpine Linux VM 4) Others 2023_Oct_Threat Trend Report on Ransomware Statistics and Major Issues
AsyncRAT Distributed via WSF Script Posted By ch.lim , December 6, 2023 The AhnLab Security Emergency response Center (ASEC) analysis team previously posted about AsyncRAT being distributed via files with the .chm extension. [1] It was recently discovered that this type of AsyncRAT malware is now being distributed in WSF script format. The WSF file was found to be distributed in a compressed file (.zip) format through URLs contained within emails. [Download URLs]1. https://*****************.com.br/Pay5baea1WP7.zip2. https://************.za.com/Order_ed333c91f0fd.zip3. https://*************.com/PAY37846wp.zip4. https://*****.****.co/eBills37890913.zip Decompressing the first downloaded zip file yields a file with a .wsf file extension. This file mostly consists of…
Ransomware Attacks Using RDP as the Attack Vector (Detected by EDR) Posted By Sanseo , December 4, 2023 A remote desktop service refers to the feature that allows remote control of other PCs. In Windows, this service is provided by default through Remote Desktop Protocol (RDP). This means that if the target system is a Windows environment, RDP can be used to control this remote target without having to install additional remote control tools. For remote control, the operator is required to have account credentials for the target system and log in using these credentials. As such, if…
