Threat Actors Installing Linux Backdoor Accounts
AhnLab SEcurity intelligence Center (ASEC) is using a Linux SSH honeypot to monitor attacks against unspecified Linux systems. Threat actors install malware by launching brute force and dictionary attacks against Linux systems that are poorly managed, such as using default settings or having a simple password. While there is a
Statistics Report on Malware Threat in Q4 2023
Overview AhnLab uses the automatic analysis system RAPIT to categorize and respond to malware collected through a variety of routes. This report categorizes and shares statistics on known malware among the ones collected during Q4 2023. The malware included in the statistics is in the executable format. These were reported
Distribution of Phishing Email Under the Guise of Personal Data Leak (Konni)
AhnLab Security Emergency response Center (ASEC) recently identified the distribution of a malicious exe file disguised as material related to a personal data leak, targeting individual users. The final behavior of this malware could not be observed because the C2 was closed, but the malware is a backdoor that receives
Kimsuky Targets South Korean Research Institutes with Fake Import Declaration
AhnLab Security Emergency response Center (ASEC) has recently identified that the Kimsuky threat group is distributing a malicious JSE file disguised as an import declaration to research institutes in South Korea. The threat actor ultimately uses a backdoor to steal information and execute commands. The file name of the dropper
RedEyes (ScarCruft)’s CHM Malware Using the Topic of Fukushima Wastewater Release
The AhnLab Security Emergency response Center (ASEC) analysis team has recently discovered that the CHM malware, which is assumed to have been created by the RedEyes threat group, is being distributed again. The CHM malware in distribution operates in a similar way to the “CHM Malware Disguised as Security Email
Analysis of the Rekoobe Backdoor Being Used In Attacks Against Linux Systems in Korea
Rekoobe is a backdoor known to be used by APT31, a threat group based in China. AhnLab Security Emergency Response Center (ASEC) has been receiving reports of the Rekoobe malware from tenants in Korea for several years, and will hereby share its brief analysis. Additionally, the Rekoobe variants will be
Tonto Team Using Anti-Malware Related Files for DLL Side-Loading
The Tonto Team is a threat group that targets mainly Asian countries, and has been distributing Bisonal malware. AhnLab Security Emergency response Center (ASEC) has been tracking the Tonto Team’s attacks on Korean education, construction, diplomatic, and political institutions. Recent cases have revealed that the group is using a file
Attackers Abusing Various Remote Control Tools
Overview Ordinarily, attackers install malware through various methods such as spear phishing emails with a malicious attachment, malvertising, vulnerabilities, and disguising the malware as normal software and uploading it to websites. The malware that is installed includes infostealers which steal information from the infected system, ransomware which encrypts files to
Malicious CHM Being Distributed to Korean Universities
The ASEC analysis team discovered that a malicious CHM file targeting certain Korean universities is being distributed on a massive scale. The file that is being distributed is the same type as the one discussed in a post uploaded in May. Backdoor (*.chm) Disguised as Document Editing Software and Messenger Application
AppleSeed Being Distributed to Maintenance Company of Military Bases
The ASEC analysis team has recently discovered a case of AppleSeed being distributed to a certain maintenance company of military bases. AppleSeed is a backdoor malware mainly used by the Kimsuky group and is actively being distributed to multiple attack targets as of late. AppleSeed Disguised as Purchase Order and