Case of Attack Exploiting AnyDesk Remote Tool (Cobalt Strike and Meterpreter)

MS-SQL servers are among the main attack targets in Windows environments. Attackers scan for poorly managed, vulnerable MS-SQL servers and install malware once they gain control. The malware strains installed include CoinMiner, ransomware, backdoors, etc., and vary depending on the purpose of the attack. Most backdoor strains are

Cobalt Strike Being Distributed to Unsecured MS-SQL Servers (2)

The ASEC analysis team published a post on February 21st about the distribution of Cobalt Strike via unsecured MS-SQL servers (Cobalt Strike Being Distributed to Unsecured MS-SQL Servers). In the current case, the distributed Cobalt Strike showed a different process tree compared to the previous distribution method. The current

Cobalt Strike Being Distributed to Unsecured MS-SQL Servers

The ASEC analysis team has recently discovered the distribution of Cobalt Strike targeting unsecured MS-SQL servers. MS-SQL Server is a typical database server in Windows environments and has long been a target of attacks. Attacks that target MS-SQL servers include attacks on environments where

Forensic Analysis of Breaches that Used Cobalt Strike and MS Exchange Server Vulnerability

The ASEC analysis team is continuously monitoring the activities of Cobalt Strike, one of the trending cybersecurity issues, whose distribution to Korean companies was discussed in previous blog posts. (The link to a previous blog post can be found at the bottom of this post.) While monitoring Cobalt

Continuously Changing Malicious Word Macro Being Distributed – Trend of TA551 (2)

The ASEC analysis team continues to cover the DOC macro documents used by the TA551 group in attacks. The operation flow of the macro documents hasn’t changed since our introduction in July. However, we have confirmed that in the most recent case, BazarLoader was distributed at the last step after

Excel Files Becoming More Sophisticated (Distribution of Dridex and Cobalt Strike)

The distribution of Dridex through Excel files has been observed steadily since last year and was introduced on this blog. Recently, the ASEC analysis team found that the Cobalt Strike tool is being distributed along with Dridex using a method similar to the previous one. Yet unlike previous cases, recent Excel

More Companies being Targeted by Ransomware! Cases of Ransomware Attacks Against Company Systems

The number of cyberattacks targeting companies is increasing day by day. This May alone, the largest private pipeline company in the United States was attacked by ransomware, resulting in the shutdown of the entire pipeline facility. A well-known domestic delivery platform company also suffered a ransomware attack, affecting hundreds and thousands

Cobalt Strike Targeting Korean Companies Being Distributed (Part 2)

The ASEC analysis team is monitoring attacks that utilize the Cobalt Strike hacking tool. In this article, the team examines the latest Cobalt Strike attacks, which were confirmed after the publication of the previous article introducing the Cobalt Strike hacking tool. An attack confirmed on April 23 revealed

BlueCrab Ransomware Installing Hacking Tool CobaltStrike in Corporate Environments

The ASEC analysis team confirmed that during the infection process of the BlueCrab ransomware (also known as Sodinokibi or REvil), which is distributed in JS form, the CobaltStrike hacking tool was delivered under certain conditions. CobaltStrike is a tool with restricted distribution, intended for legitimate mock hacking (penetration testing) purposes; however, it has been actively

[Threat Analysis] CLOP Ransomware that Attacked Korean Distribution Giant

In November last year, a case shocked not only the security industry but all of Korean industry. The systems of E-Land Group, the distribution giant, were infected with the ‘CLOP Ransomware.’ According to a press report quoting an associate of the company, over half