Lazarus Threat Group Attacking Windows Servers to Use as Malware Distribution Points
Posted By Sanseo, July 24, 2023
AhnLab Security Emergency response Center (ASEC) has discovered that Lazarus, a threat group believed to be state-sponsored, is attacking Windows Internet Information Services (IIS) web servers and using them as distribution points for its malware. The group is known to use the watering hole technique for initial access. [1] The group first compromises Korean websites and modifies the content served by the site. When a system running a vulnerable version of INISAFE CrossWeb EX V6 visits this website via a…
Analysis of the Rekoobe Backdoor Being Used in Attacks Against Linux Systems in Korea
Posted By Sanseo, July 11, 2023
Rekoobe is a backdoor known to be used by APT31, a threat group based in China. AhnLab Security Emergency Response Center (ASEC) has been receiving reports of the Rekoobe malware from tenants in Korea for several years and shares a brief analysis here. Additionally, the Rekoobe variants are categorized, along with a summary of the ones used to target Korean companies. 1. Overview Rekoobe is a backdoor that targets Linux environments. It was first discovered in 2015, [1]…
Malicious Batch File (*.bat) Disguised as a Document Viewer Being Distributed (Kimsuky)
Posted By ye_eun, July 11, 2023
AhnLab Security Emergency response Center (ASEC) has confirmed the distribution of malware in the form of a batch file (*.bat). This malware downloads different scripts depending on which anti-malware processes, including AhnLab products, are running in the user's environment. Based on the function names used by the malware and the parameters of the download URL, it is suspected to have been distributed by the Kimsuky group. Although the exact distribution path of the malware has not been confirmed, it appears…
Deep Web & Dark Web Threat Trend Report – May 2023
Posted By ahnlabti, July 7, 2023
This trend report on the deep web and dark web for May 2023 is divided into Ransomware, Forums & Black Markets, and Threat Actor. Note that some of the content has not yet been confirmed to be true. Ransomware – ALPHV (BlackCat) – Akira – BianLian – RA Group – Royal Forum & Black Market – Drug-related Criminals Apprehended Through Information Collected Following the Shutdown of Monopoly Market – RaidForums's Database Leaked Threat Actor – …
Threat Trend Report on APT Groups – May 2023
Posted By ahnlabti, July 7, 2023
The cases of major APT groups for May 2023, gathered from materials made public by security companies and institutions, are as follows. – Agrius – Andariel – APT28 – APT29 – APT-C-36 (Blind Eagle) – Camaro Dragon – CloudWizard – Earth Longzhi (APT41) – GoldenJackal – Kimsuky – Lazarus – Lancefly – OilAlpha – Red Eyes (APT37, ScarCruft) – SideCopy – SideWinder – Transparent Tribe (APT36) – Volt Typhoon (Bronze Silhouette) ATIP_2023_May_Threat Trend Report on APT Groups