LNK Files Distributed Through Breached Legitimate Websites (Detected by EDR) Posted By EASTSTON3 , November 14, 2023 AhnLab Security Emergency response Center (ASEC) detected circumstances of a malware strain being distributed through breached legitimate websites using various file names, prompting users to run them. This post will introduce how AhnLab EDR analyzes and detects the method of malware distribution using LNK files as the medium, a method that has been employed often in recent times. Pomerium Project Related Inquiry Data.txt.lnkData Regarding Application for Changes Before the 2023 Iris Agreement.txt.lnkSuyeon Oh Statement Data.txt.lnkOn Inquiry Confirmation.txt.lnkDeep Brain AI Interview Guide.txt.lnkRecruitment…
Ddostf DDoS Bot Malware Attacking MySQL Servers Posted By Sanseo , November 14, 2023 The AhnLab Security Emergency response Center’s (ASEC) analysis team is constantly monitoring malware distributed to vulnerable database servers. MySQL server is one of the main database servers that provides the feature of managing large amounts of data in a corporate or user environment. Typically, in Windows environments, MS-SQL is primarily installed for database services, while in Linux environments, database services like MySQL and PostgreSQL are used. However, although not as frequently as MS-SQL servers, there are instances where MySQL servers…
2023 Sep – Threat Trend Report on APT Groups Posted By ahnlabti , November 13, 2023 In this report, we cover nation-led threat groups presumed to conduct cyber espionage or sabotage under the support of the governments of certain countries, referred to as “Advanced Persistent Threat (APT) groups” for the sake of convenience. Therefore, this report does not contain information on cybercriminal groups aiming to gain financial profits. We organized analyses related to APT groups disclosed by security companies and institutions including AhnLab during the previous month; however, the content of some APT groups may not…
2023 Sep – Threat Trend Report on Ransomware Statistics and Major Issues Posted By ahnlabti , November 13, 2023 This report provides statistics on the number of new ransomware samples, targeted systems, and targeted businesses in September 2023, as well as notable ransomware issues in Korea and other countries. Key Trends 1) Sharp Decrease in Targeted Businesses Related to CLOP Ransomware and MOVEit 2) NoEscape Ransomware and Its Imitations 3) Ransomware Group Using GDPR as a Bluff (GDPR Gambit) 4) Others Sep_Threat Trend Report on Ransomware Statistics and Major Issues
2023 Sep – Threat Trend Report on Kimsuky Group Posted By ahnlabti , November 13, 2023 The Kimsuky group’s activities in September 2023 showed a notable surge in the RandomQuery type, while the activities of other types were relatively low or non-existent. Sep_Threat Trend Report on Kimsuky Group
