March 2023 Deep Web & Dark Web Threat Trend Report Posted By ahnlabti , May 24, 2023 This trend report on the deep web and dark web of March 2023 is sectioned into Ransomware, Forum & Black Market, and Threat Actor. We would like to state beforehand that some of the content has yet to be confirmed to be true. 1) Ransomware (1) Clop Ransomware (2) BlackCat (Alphv) Ransomware (3) LockBit Ransomware (4) Medusa Ransomware 2) Forum & Black Market (1) Breached Forums Closed 3) Threat Actor (1) Netwire RAT Malware Infrastructure Confiscated and Admin Arrested (2)…
StrelaStealer Being Distributed To Spanish Users Posted By gygy0101 , May 23, 2023 AhnLab Security Emergency response Center (ASEC) analysis team has recently confirmed the StrelaStealer Infostealer being distributed to Spanish users. StrelaStealer was initially discovered around November 2022 and has been distributed as an attachment to spam emails. In the past, ISO files were used as attachments, but recently, ZIP files have been utilized instead. Figure 1. Distributed email The email that is being distributed is similar to the one shown in Figure 1. The email body and the name of the…
Lazarus Group Targeting Windows IIS Web Servers Posted By muhan , May 23, 2023 AhnLab Security Emergency response Center (ASEC) has recently confirmed the Lazarus group, a group known to receive support on a national scale, carrying out attacks against Windows IIS web servers. Ordinarily, when threat actors perform a scan and find a web server with a vulnerable version, they use the vulnerability suitable for the version to install a web shell or execute malicious commands. The AhnLab Smart Defense (ASD) log displayed below in Figure 1 shows that Windows server systems are…
DarkCloud Infostealer Being Distributed via Spam Emails Posted By Sanseo , May 23, 2023 AhnLab Security Emergency response Center (ASEC) has recently discovered the DarkCloud malware being distributed via spam email. DarkCloud is an Infostealer that steals account credentials saved on infected systems, and the threat actor installed ClipBanker alongside DarkCloud. 1. Distribution Method The threat actor sent the following email to induce users to download and execute the attachment. The contents of this email prompt users to check the attached copy of the payment statement sent to the company account. When the attachment…
ASEC Weekly Phishing Email Threat Trends (May 7th, 2023 – May 13th, 2023) Posted By ASEC , May 23, 2023 AhnLab Security Emergency response Center (ASEC) monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from May 7th, 2023 to May 13th, 2023 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users’ login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note,…
