January 2023 Threat Trend Report on Kimsuky Group Posted By ahnlabti , April 18, 2023 Overview The Kimsuky group’s activities in January 2023 were not so different from the past, and there were no prominent issues. However, it had been identified that AppleSeed and a tunnel program called ngrok were being distributed on a normal Korean website. The types of Fully Qualified Domain Name (FQDN) were mainly FlowerPower, AppleSeed, and Random Query. Attack Statistics Like the 2022 Threat Trend Report on Kimsuky Group published on February 27, the FQDN of the FlowerPower type was…
Shadow Force Group’s Viticdoor and CoinMiner Posted By ahnlabti , April 18, 2023 The Shadow Force group is a threat group that has been active since 2013, targeting corporations and organizations in South Korea. Trend Micro revealed the first analysis report in September 2015, where it stated that a Korean media-related company had been attacked. In March 2020, AhnLab published an analysis report on Operation Shadow Force. It was introduced as a single campaign as there was the possibility of it being the activities of an existing threat group. However, no relevant threat…
ASEC Weekly Malware Statistics (April 10th, 2023 – April 16th, 2023) Posted By ASEC , April 18, 2023 AhnLab Security Emergency response Center (ASEC) uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from April 10th, 2023 (Monday) to April 16th, 2023 (Sunday). For the main category, backdoor ranked top with 58.4%, followed by downloader with 23.0%, Infostealer with 17.2%, ransomware with 0.8%, and banking with 0.6%. Top 1 – RedLine RedLine ranked first place with 54.7%. The malware steals various information such as web browsers,…
ASEC Weekly Phishing Email Threat Trends (April 2nd, 2023 – April 8th, 2023) Posted By ASEC , April 18, 2023 AhnLab Security Emergency response Center (ASEC) monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from April 2nd, 2023 to April 8th, 2023 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users’ login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note,…
Trigona Ransomware Attacking MS-SQL Servers Posted By Sanseo , April 17, 2023 AhnLab Security Emergency response Center (ASEC) has recently discovered the Trigona ransomware being installed on poorly managed MS-SQL servers. Trigona is a relatively recent ransomware that was first discovered in October 2022, and Unit 42 has recently published a report based on the similarity between Trigona and the CryLock ransomware. [1] 1. Poorly Managed MS-SQL Servers Poorly managed MS-SQL servers typically refer to those that are exposed to external connections and have simple account credentials, rendering them vulnerable to brute force…
