Statistics Report on Malware Targeting Windows Database Servers in Q1 2026
Description. analysis of ASEC’s ASD logs for Q1 2026 showed a consistent trend of attacks against MS-SQL and MySQL. the number of attacks tended to decrease temporarily in February before increasing again in March. Purpose and Scope. this report summarizes the statistics of attacks targeting MS-SQL and MySQL servers installed
Statistical Report on Malware Targeting Windows Web Servers in Q1 2026
Description. AhnLab SEcurity intelligence Center (ASEC) analyzed the attack status and malware statistics of Windows web servers in the first quarter of 2026 based on AhnLab Smart Defense (ASD) logs. the analysis covers Internet Information Services (IIS) and Apache Tomcat web servers in Windows environments. command execution through the web
Proxyware Disguised as Notepad++ Tool
AhnLab SEcurity intelligence Center(ASEC) is monitoring Proxyjacking attacks and continuously disclosing distribution cases and IoCs identified in South Korea. The threat actor Larva‑25012, known for deploying Proxyware, has recently begun using malware disguised as a Notepad++ installer. In addition, the attacker is actively changing techniques to evade detection—such as injecting
RMM Tools (Syncro, SuperOps, NinjaOne, etc.) Being Distributed Disguised as Video Files
AhnLab SEcurity intelligence Center (ASEC) recently discovered cases of attacks using RMM tools such as Syncro, SuperOps, NinjaOne, and ScreenConnect. Threat actors distributed a PDF file that prompted users to download and run the RMM tool from a disguised distribution page such as Google Drive. The certificate used to sign
Statistics Report on Malware Targeting Windows Web Servers in Q4 2025
AhnLab SEcurity intelligence Center (ASEC) is using the AhnLab Smart Defense (ASD) infrastructure to respond to and categorize attacks targeting poorly managed Windows web servers. This post will cover the damage status of Windows web servers that have become attack targets and the statistics of attacks that occurred against these
Statistics Report on Malware Targeting Windows Database Servers in Q4 2025
AhnLab SEcurity intelligence Center (ASEC) utilizes the AhnLab Smart Defense (ASD) infrastructure to respond to and categorize attacks targeting MS-SQL and MySQL servers installed on Windows operating systems. This post covers the damage status of MS-SQL and MySQL servers that have become attack targets and statistics on attacks against these
GeoServer, Where Various CoinMiner Attacks Occur
AhnLab SEcurity intelligence Center (ASEC) previously covered the case of threat actors exploiting the GeoServer vulnerability to install CoinMiner and NetCat through the “CoinMiner Attacks Exploiting GeoServer Vulnerability” blog. [1] The threat actors have been continuously targeting vulnerable GeoServers to install CoinMiner. This post will cover the identified cases of
ViperSoftX Attackers Target Monero
AhnLab SEcurity intelligence Center (ASEC) has confirmed that the ViperSoftX attackers are installing coin miners to mine Monero cryptocurrency. ViperSoftX is a remote control malware that steals cryptocurrency wallet addresses. These attackers primarily distribute malware disguised as cracks or keygens for legitimate software, or as eBooks. In addition to ViperSoftX,
NKNShell Malware Distributed via VPN Website
AhnLab SEcurity intelligence Center (ASEC) has confirmed that malware has been uploaded to the website of a South Korean VPN provider. Based on the distribution method and characteristics of the malware used, this attack appears to be the work of the same threat actor who has been targeting South Korean
October 2025 Infostealer Trend Report
This report provides statistics, trends, and case information on Infostealer malware such as distribution volume, distribution methods, and disguising techniques, which were collected and analyzed for one month in October 2025. The following is a summary of the report. 1) Data Source and Collection Method AhnLab SEcurity intelligence
