Redline Stealer Targeting Accounts Saved to Web Browser with Automatic Login Feature Included

While investigating a recent breach of a certain company's internal network, the AhnLab ASEC analysis team confirmed that the VPN account used to access the company network was leaked from the PC of an employee who was working from home. The affected company provided a VPN service to employees working from home to give them access to the company’s internal network, and the employees connected to the VPN on the provided laptops or…

APT Attack Cases of Kimsuky Group (PebbleDash)

The ASEC analysis team has been tracking malware used in APT attacks and sharing its findings on the blog. In this confirmed case, the PebbleDash backdoor was used in the attack, but logs of AppleSeed, Meterpreter, and other additional malware strains were also found. PebbleDash Backdoor: The attacker sent the following spear phishing email, prompting the user to download and run the compressed file after clicking the link for the attachment. The “Construction completion notice.pif” file can be…

[Announcement] New Log4j Vulnerability (CVE-2021-45105) – Log4j 2.17.0

The CVE-2021-45105 vulnerability, which works in Log4j version 2.16.0, was additionally disclosed on December 18th, 2021 (CVSS 7.5). 1. Vulnerable Versions: Log4j 2.0-beta9 to 2.16.0. 2. Vulnerability Exploitation Technique: Exploitation may occur if applications that use Log4j have the layout pattern and thread context features enabled. The following shows the vulnerable environment and the technique for exploiting it. 1) Vulnerable Environment [Settings] Applications are configured to look up thread contexts in the layout pattern [Part of log4j2.properties settings] appender.console.type =…

[Notice] Log4j Core Affected by Apache Log4j Vulnerability CVE-2021-44228

AhnLab recommends applying security updates for the Apache Log4j vulnerability. An immediate update is required for the CVE-2021-44228 vulnerability, which is the most critical (CVSS 10.0). Users are advised to check whether the systems they operate have vulnerable Log4j Core libraries. The list below shows the files for each Log4j-Core version that are affected by the CVE-2021-44228 vulnerability. The hash for each version may be different if the Log4j source code is manually built in the individual…