ASEC Weekly Phishing Email Threat Trends (March 26th, 2023 – April 1st, 2023) Posted By ASEC , April 11, 2023 AhnLab Security Emergency response Center (ASEC) monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from March 26th, 2023 to April 1st, 2023 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users’ login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note,…
3CX DesktopApp Supply Chain Attack Also Detected in Korea Posted By ASEC , April 11, 2023 On March 29, 2023, CrowdStrike announced that a threat group based in North Korea launched a supply chain attack through 3CX DesktopApp. [1] With this app, the threat actor installed an Infostealer in the target system. AhnLab Security Emergency response Center (ASEC) previously announced a 3CX DesktopApp supply chain attack in the following blog post alongside mitigation measures. [2] This post will provide an analysis of the malware used in the attacks and logs of their infection in Korea collected via AhnLab Smart Defense…
Bitter Group Distributes CHM Malware to Chinese Organizations Posted By gygy0101 , April 6, 2023 The Bitter (T-APT-17) group is a threat group that usually targets South Asian government organizations, using Microsoft Office programs to distribute malware such as Word or Excel. AhnLab Security Emergency response Center (ASEC) has identified multiple circumstances of the group distributing CHM malware to certain Chinese organizations. CHM files have been used by various threat groups in APT attacks since earlier this year and covered multiple times in ASEC blog posts. The files used in the recent attack were being…
ASEC Weekly Malware Statistics (March 27th, 2023 – April 2nd, 2023) Posted By ASEC , April 6, 2023 AhnLab Security Emergency response Center (ASEC) uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from March 27th, 2023 (Monday) to April 2nd, 2023 (Sunday). For the main category, backdoor ranked top with 54.9%, followed by downloader with 22.9%, Infostealer with 20.6%, ransomware with 1.3%, and CoinMiner with 0.3%. Top 1 – RedLine RedLine ranked first place with 47.4%. The malware steals various information such as web browsers,…
Caution When Using 3CX DesktopApp (CVE-2023-29059) Posted By choeyul , April 5, 2023 Overview Details about how supply chains were attacked through the 3CX DesktopApp were published. [1] This software provides users with various communication functions, such as voice calls and video conferences, and can be operated on both Windows and MAC operating systems. Currently, the 3CX company is preparing to issue a new certificate, and until then, they are instructing users to use an alternative software. Description Regarding this, the distributed malware are confirmed to include modules that perform malicious functions and are…
