z0Miner Exploits Korean Web Servers to Attack WebLogic Server

AhnLab SEcurity intelligence Center (ASEC) has found numerous cases of threat actors attacking vulnerable Korean servers. This post introduces one of the recent cases, in which the threat actor ‘z0Miner’ attacked Korean WebLogic servers. z0Miner was first introduced by Tencent Security, a Chinese Internet service provider. https://s.tencent.com/research/report/1170.html (This link is

Infected Systems Controlled Through Remote Administration Tools (Detected by EDR)

Remote administration tools are software for managing and controlling terminals at remote locations. The tools can be used as work-at-home solutions in circumstances such as the COVID-19 pandemic and for the purpose of controlling, managing, and repairing unmanned devices remotely. Such remote control tools used for legitimate purposes are called

Attackers Abusing Various Remote Control Tools

Overview: Ordinarily, attackers install malware through various methods such as spear phishing emails with a malicious attachment, malvertising, vulnerabilities, and disguising the malware as normal software and uploading it to websites. The malware that is installed includes infostealers, which steal information from the infected system, ransomware, which encrypts files to

Case of Attack Exploiting AnyDesk Remote Tool (Cobalt Strike and Meterpreter)

On Windows systems, MS-SQL servers are the main attack targets. Attackers scan for vulnerable MS-SQL servers that are poorly managed and install malware upon gaining control. Malware strains installed by attackers include CoinMiners, ransomware, backdoors, etc., and may vary depending on the purpose of the attack. Most backdoor strains are