ASEC Weekly Phishing Email Threat Trends (March 12th, 2023 – March 18th, 2023)

AhnLab Security Emergency response Center (ASEC) monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post covers the phishing emails distributed during the week from March 12th, 2023 to March 18th, 2023 and provides statistics for each type. Phishing is generally described as an attack that leaks users’ login account credentials by disguising as or impersonating an institution, company, or individual through social engineering methods. On a broader note,…

ChinaZ DDoS Bot Malware Distributed to Linux SSH Servers

AhnLab Security Emergency response Center (ASEC) has recently discovered the ChinaZ DDoS Bot malware being installed on inadequately managed Linux SSH servers. The ChinaZ group is a Chinese threat group first identified around 2014 that installs various DDoS bots on Windows and Linux systems. [1] Major DDoS bots assumed to have been created by the ChinaZ threat group include XorDDoS, AESDDos, BillGates, and MrBlack. This article covers the DDoS bot known as ChinaZ or ChinaZ DDoSClient. 1. Attack…

OneNote Malware Disguised as Compensation Form (Kimsuky)

AhnLab Security Emergency response Center (ASEC) has discovered the distribution of OneNote malware disguised as a compensation-related form. The confirmed file impersonates the same research center as the LNK-type malware covered in the post below, “Malware Distributed Disguised as a Password File”. Because the VBS files in both cases perform identical malicious activity, the team has deduced that the same threat actor is behind both incidents. As shown in the figure below, a page discussing compensation…

Warning for Microsoft Office Outlook Privilege Escalation Vulnerability (CVE-2023-23397)

Overview: Microsoft has discovered a vulnerability in Outlook for Windows that is being exploited to steal NTLM credentials. Microsoft has assigned the identifier CVE-2023-23397 to this vulnerability and gave it an unusually high CVSS (severity) score of 9.8. Vulnerability Details: Outlook has a ‘Reminder’ feature which alerts users of schedules on their calendar. The following alert is also displayed when the schedule period has elapsed. (Figure 1. Outlook Reminder feature) The…

Warning for Asset Management Program (TCO!Stream) Vulnerability and Update Recommendation

Vulnerable Software and Overview: TCO!Stream is an asset management solution developed by the Korean company MLsoft. It consists of a server and a client; administrators use the console program to access the server and perform asset management work. TCO!Stream offers various asset management features, and a process runs constantly on the client to receive commands from the server, which are executed through this process. This management solution is exposed to vulnerability attacks that could…