RedEyes (ScarCruft)’s CHM Malware Using the Topic of Fukushima Wastewater Release Posted By gygy0101 , September 8, 2023 The AhnLab Security Emergency response Center (ASEC) analysis team has recently discovered that the CHM malware, which is assumed to have been created by the RedEyes threat group, is being distributed again. The CHM malware in distribution operates in a similar way to the “CHM Malware Disguised as Security Email from a Korean Financial Company”[1] covered in March of this year and also uses the same commands used in the “2.3. Persistence”[2] stage in the attack process of the RedEyes…
Threat Trend Report on APT Groups – May 2023 Posted By ahnlabti , July 7, 2023 The cases of major APT groups for May 2023 gathered from materials made public by security companies and institutions are as follows. – Agrius – Andariel – APT28 – APT29 – APT-C-36 (Blind Eagle) – Camaro Dragon – CloudWizard – Earth Longzhi (APT41) – GoldenJackal – Kimsuky – Lazarus – Lancefly – OilAlpha – Red Eyes (APT37, ScarCruft) – SideCopy – SideWinder – Transparent Tribe (APT36) – Volt Typhoon (Bronze Silhouette) ATIP_2023_May_Threat Trend Report on APT Groups
RedEyes Group Wiretapping Individuals (APT37) Posted By muhan , June 21, 2023 1. Overview RedEyes (also known as APT37, ScarCruft, and Reaper) is a state-sponsored APT group that mainly carries out attacks against individuals such as North Korean defectors, human rights activists, and university professors. Their task is known to be monitoring the lives of specific individuals. In May 2023, AhnLab Security Emergency response Center (ASEC) discovered the RedEyes group distributing and using an Infostealer with wiretapping features that was previously unknown along with a backdoor developed using GoLang that exploits the…
RokRAT Malware Distributed Through LNK Files (*.lnk): RedEyes (ScarCruft) Posted By bghjmun , April 26, 2023 AhnLab Security Emergency response Center (ASEC) confirmed that the RedEyes threat group (also known as APT37, ScarCruft), which distributed CHM Malware Disguised as Security Email from a Korean Financial Company last month, has also recently distributed the RokRAT malware through LNK files. RokRAT is malware that is capable of collecting user credentials and downloading additional malware. The malware was once distributed through HWP and Word files. The LNK files that were discovered this time contain PowerShell commands that can perform malicious…
Malware Distributed Disguised as a Password File Posted By ye_eun , March 17, 2023 AhnLab Security Emergency response Center (ASEC) discovered a malware strain disguised as a password file and being distributed alongside a normal file within a compressed file last month. It is difficult for users to notice that this file is malicious because this type of malware is distributed together with a normal file. The recently discovered malware was in CHM and LNK file formats. In the case of the CHM file, it shares the same type as the malware covered in…