Information Leakage Caused by DB Client Tool

In recent breach incidents, threat actors have been observed not only accessing systems but also directly querying internal databases and stealing sensitive information. In particular, more threat actors are installing DB client tools directly on targeted systems to exfiltrate data, and legitimate tools such as DBeaver, Navicat, and sqlcmd are being

Case of Attack Exploiting AnyDesk Remote Tool (Cobalt Strike and Meterpreter)

On Windows systems, MS-SQL servers are the main attack targets. Attackers scan for vulnerable, poorly managed MS-SQL servers and install malware upon gaining control. Malware strains installed by attackers include CoinMiner, ransomware, backdoors, etc., and vary depending on the purpose of the attack. Most backdoor strains are

Cobalt Strike Being Distributed to Unsecured MS-SQL Servers

The ASEC analysis team has recently discovered the distribution of Cobalt Strike targeting unsecured MS-SQL servers. MS-SQL is a typical database server in Windows environments and has long been a consistent target of attack. Attacks that target MS-SQL servers include attacks on the environment where