Kaseya VSA Supply Chain Ransomware Attacks (REvil Gang) Posted By jcleebobgatenet, July 16, 2021 The ransomware attack that leveraged a vulnerability in VSA (a cloud-based management service that manages patches and performs client monitoring) made by Kaseya, an IT solutions developer for enterprises and managed service providers (MSPs), turned out to use BlueCrab (Sodinokibi) ransomware, which is also being actively distributed in Korea. The figure below shows a desktop infected with the ransomware, which displays the same screen as the BlueCrab variant widely spread in Korea. Unlike BlueCrab well-known in…
Malicious Word Documents Pretending to Be ‘Korea Association for Political and Diplomatic History’ and ‘Policy Advisory Member Profile’ Being Distributed Posted By jcleebobgatenet, July 15, 2021 As shown below, the ASEC analysis team has reported on two occasions that malicious Word documents titled ‘Compensation Claim Form’ and ‘Summer Academic Conference Profile Template’ were being distributed. While monitoring similar attack types, the team found evidence that the creator of those documents distributed new Word documents in June and on July 1st. Titles of newly discovered malicious Word documents: The National Unification Advisory Council-Korea Association for Political and Diplomatic History Joint Academic Conference Program (Finalized).docx – Additional discovery in…
Malicious Word Document Disguised as Profile Template File for Summer Academic Conference Being Distributed Posted By jcleebobgatenet, July 14, 2021 In June this year, the ASEC analysis team reported a malicious Word document assumed to be part of a targeted attack. Recently, the team confirmed that malware of the same type is being distributed with new content. It was distributed through emails whose sender impersonated an administrator of a summer academic conference in Korea (see Figure below). The mail had an attachment named ‘[** Summer Academic Conference]_Profile Template.doc’ which prompts the user to fill out the form. The figure below is the…
Nitol Malware Being Distributed in Forum Archive Posted By jcleebobgatenet, July 9, 2021 The ASEC analysis team confirmed that malware is being distributed through a forum archive in Korea. The attacker uploaded 4 posts disguised as utility-program sharing posts, which are used to distribute malware. These posts distribute Nitol malware disguised as certain utility programs. The related attacks have been happening since last June. Each post has a description of a utility program with a torrent file attached. Opening the torrent file in a torrent client downloads the files. When downloading…
ASEC Weekly Malware Statistics (June 28th, 2021 – July 4th, 2021) Posted By jcleebobgatenet, July 8, 2021 The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from June 28th, 2021 (Monday) to July 4th, 2021 (Sunday). For the main category, info-stealer ranked top with 67%, followed by RAT (Remote Administration Tool) malware with 13.5%, CoinMiner with 7.0%, downloader with 5.9%, DDoS with 3.4%, and ransomware with 3.1%. Top 1 – AgentTesla: AgentTesla ranked first with 15.8%. It is an…