Deep Web and Dark Web Threat Trend Report – July 2023 Posted By ahnlabti, September 11, 2023 This trend report on the deep web and dark web for July 2023 is sectioned into Ransomware, Forums & Black Markets, and Threat Actor. We would like to state beforehand that some of the content has yet to be confirmed to be true. 1) Ransomware (1) ALPHV (BlackCat) (2) Cactus (3) CLOP (4) Monti 2) Forum & Black Market (1) The Sale of Genesis Market (2) BreachedForums Database on Sale (3) US Medical Institution’s Database Breached 3) Threat Actor (1)…
Threat Trend Report on Kimsuky Group – July 2023 Posted By ahnlabti, September 11, 2023 The Kimsuky group’s activities in July 2023 showed that FlowerPower is gaining traction, and the group is simultaneously diversifying its attack methods. Additionally, there were no particular issues regarding the AppleSeed and RandomQuery types, as they are now less used. The BabyShark type, which is described in detail later in this report, will be included in the statistics from July onward. ATIP_2023_Jul_Threat Trend Report on Kimsuky Group
BlueShell Used in APT Attacks Against Korean and Thai Targets Posted By Sanseo, September 11, 2023 BlueShell is a backdoor developed in Go. It is available on GitHub and supports Windows, Linux, and Mac operating systems. Currently, it seems the original GitHub repository has been deleted, but the BlueShell source code can be downloaded from other repositories. Notably, the ReadMe file containing the guidelines is in Chinese, which suggests that the creator may be a Chinese speaker. There aren’t many cases where BlueShell is known to have been used in attacks, unlike SparkRAT, Silver…
RedEyes (ScarCruft)’s CHM Malware Using the Topic of Fukushima Wastewater Release Posted By gygy0101, September 8, 2023 The AhnLab Security Emergency response Center (ASEC) analysis team has recently discovered that the CHM malware, which is assumed to have been created by the RedEyes threat group, is being distributed again. The CHM malware in distribution operates in a similar way to the “CHM Malware Disguised as Security Email from a Korean Financial Company”[1] covered in March of this year, and it also uses the same commands used in the “2.3. Persistence”[2] stage of the RedEyes attack process…
Phishing Script File Breaching User Information via Telegram Being Distributed Posted By suuzzane, September 8, 2023 AhnLab Security Emergency response Center (ASEC) has recently identified multiple phishing script files disguised as PDF document viewer screens being distributed as email attachments. Some of the identified file names are listed below; keywords such as purchase order (PO), order, and receipt were used.
New order_20230831.html
Salbo_PO_20230823.pdf.html
WoonggiOrder-230731.pdf.html
PO_BG20231608-019.html
○○○ Pharma.pdf.html
DH○_BILL_LADING_DOCUMENT_RECEIPT.html
_Purchase Order Received from ○○○ Cosmetics_msg (email)
BL_148200078498.html
En○○○ Purchase Order.html
Sung○○ BioX_New PO.pdf.html
As shown in Figure 1 below, a blurred image…