APT Attack Cases of Kimsuky Group (PebbleDash)
APT

APT Attack Cases of Kimsuky Group (PebbleDash)

The ASEC analysis team has been keeping an eye on the trend of malware that attempts APT attacks, sharing findings on the blog. In this confirmed case, PebbleDash backdoor was used in the attack, but logs of AppleSeed, Meterpreter, and other additional malware strains were also found. PebbleDash Backdoor The

  • Dec 21 2021
Analysis Report on Kimsuky Group’s APT Attacks (AppleSeed, PebbleDash)
APT

Analysis Report on Kimsuky Group’s APT Attacks (AppleSeed, PebbleDash)

This document is an analysis report on types of malware recently utilized by the Kimsuky group. The Kimsuky group is mainly known for launching social engineering attacks such as spear phishing. Judging by the names of the attached files, the group seems to be targeting those working in the fields

  • Nov 16 2021
Discovery of Continuous Distribution of North Korea-related Malicious Word Files
APT Malware

Discovery of Continuous Distribution of North Korea-related Malicious Word Files

The ASEC analysis team has discovered the continuous distribution of malicious Word files containing North Korea-related materials. The macro code inside the Word file is similar to the one that was introduced in the previous post, <‘Malicious Word File Disguised as ‘Purchase and Sales Agreement for Export-bound Gold Bars’>. The

  • Oct 29 2021
Word Document Titled ‘BIO Form’ Being Distributed
Malware

Word Document Titled ‘BIO Form’ Being Distributed

Since last month, the ASEC analysis team has been continuously uploading posts about APT attacks using word documents. Recently, it found that the malware of the same type is being constantly distributed in the name of ‘BIO form.’ By looking at the distribution history of previous word documents, we can

  • Aug 03 2021
Attacker Distributing Malicious Word Document Written as Compensation Claim Form
Malware

Attacker Distributing Malicious Word Document Written as Compensation Claim Form

A malicious word document file written as ‘compensation claim form’ is being distributed again. This is speculated to be a targeted APT attack. The exact malware that used the identical document format was also discovered back in March, and the ASEC team published a post that analyzes the malware in

  • Jun 09 2021
[Threat Analysis] CLOP Ransomware that Attacked Korean Distribution Giant
Malware

[Threat Analysis] CLOP Ransomware that Attacked Korean Distribution Giant

In November last year, there was a case that shocked not only the security industry, but also all of the Korean industries. The system of E-Land Group, the distribution giant, was infected by the ‘CLOP Ransomware.’ According to the press report that quoted an associate of the company, over half

  • Jan 05 2021