APT

2023 Sep – Threat Trend Report on APT Groups

In this report, we cover nation-led threat groups presumed to conduct cyber espionage or sabotage with the support of the governments of certain countries, referred to as “Advanced Persistent Threat (APT) groups” for the sake of convenience. Therefore, this report does not contain information on cybercriminal groups aiming to gain financial profits. We organized analyses related to APT groups disclosed by security companies and institutions including AhnLab during the previous month; however, the content of some APT groups may not…

Threat Trend Report on APT Groups – May 2023

The cases of major APT groups for May 2023 gathered from materials made public by security companies and institutions are as follows.

– Agrius
– Andariel
– APT28
– APT29
– APT-C-36 (Blind Eagle)
– Camaro Dragon
– CloudWizard
– Earth Longzhi (APT41)
– GoldenJackal
– Kimsuky
– Lazarus
– Lancefly
– OilAlpha
– Red Eyes (APT37, ScarCruft)
– SideCopy
– SideWinder
– Transparent Tribe (APT36)
– Volt Typhoon (Bronze Silhouette)

ATIP_2023_May_Threat Trend Report on APT Groups

Kimsuky Distributing CHM Malware Under Various Subjects

AhnLab Security Emergency response Center (ASEC) has continuously been tracking the Kimsuky group’s APT attacks. This post will cover the details confirmed during the past month of May. While the Kimsuky group often used document files for malware distribution, there have been many recent cases where CHM files were used in distribution. Also, unlike in the past when the document files contained North Korea-related topics, the group is now attempting to attack using a variety of subjects. (1) Cases of…

Chinese Hacker Group Stealing Information From Korean Companies

Recently, there have been frequent cases of attacks targeting vulnerable servers that are accessible externally, such as SQL servers or IIS web servers. The team has confirmed two affected companies in this case. One is a semiconductor company, and the other is a smart manufacturing company that utilizes artificial intelligence. It is assumed that the threat group that carried out the hacking attack is a Chinese hacker group like Xiaoqiying and Dalbit, as a Chinese text file containing instructions…

Overview of AhnLab’s Response to Joint Cybersecurity Advisory Between South Korea and the United States on North Korean Ransomware

On February 10, intelligence agencies from South Korea and the United States announced a cybersecurity advisory in regard to ransomware attacks from North Korea. It is the first joint report between the South Korean National Intelligence Service and the United States’ National Security Agency (NSA), Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Department of Health and Human Services (HHS) to raise awareness of cyberattacks from North Korea and protect both countries from ransomware. Title: Ransomware…