Analysis of Trigona Threat Actor’s Latest Attack Cases
AhnLab SEcurity intelligence Center (ASEC) has covered the case of Trigona threat actors attacking MS-SQL servers in the past post, “Trigona Ransomware Threat Actor Uses Mimic Ransomware.”[1] In the attack cases, both Trigona and Mimic ransomware were used. However, while the email address used by the threat actor in the
Statistics Report on Malware Targeting Windows Database Servers in Q3 2025
AhnLab SEcurity intelligence Center (ASEC) utilizes the AhnLab Smart Defense (ASD) to categorize and respond to attacks targeting Windows-based MS-SQL and MySQL servers. This report will cover the current state of damage to MS-SQL and MySQL servers that became attack targets based on the logs discovered in the third quarter
Proxyware Malware Being Distributed on YouTube Video Download Site – 2
AhnLab SEcurity intelligence Center (ASEC) has covered cases where Proxyware malware is distributed by sites posing as YouTube video download pages. Although the attack methods and malware installed are similar, the same attacker continues to distribute the malware, leading to the infection of numerous systems. The following blog posts detail
Proxyware Malware Being Distributed on YouTube Video Download Site
AhnLab SEcurity intelligence Center (ASEC) introduced a case of threat actors distributing proxyware through the advertising page of a freeware software site in the past blog post “DigitalPulse Proxyware Being Distributed Through Ad Pages” [1]. The same threat actor has been continuously distributing proxyware, and multiple infection cases have been
CoinMiner Attacks Exploiting GeoServer Vulnerability
AhnLab SEcurity intelligence Center (ASEC) has confirmed that the unpatched GeoServer is still under continuous attack. Threat actors are scanning for vulnerable GeoServer and installing CoinMiner. ASEC has also identified cases of infection in South Korea. 1. GeoServer Remote Code Execution Vulnerability (CVE-2024-36401) GeoServer is an open-source Geographic Information
Statistics Report on Malware Targeting Windows Database Servers in Q2 2025
Overview The AhnLab SEcurity intelligence Center (ASEC) analysis team uses the AhnLab Smart Defense (ASD) infrastructure to categorize and respond to attacks targeting Windows-based MS-SQL and MySQL servers. This report will cover the current state of damage to MS-SQL and MySQL servers that became attack targets based on the logs
Statistical Report on Malware Targeting Windows Web Servers in Q2 2025
Overview AhnLab SEcurity intelligence Center (ASEC) is using the AhnLab Smart Defense (ASD) infrastructure to respond to and categorize attacks against poorly managed Windows web servers. This report covers the current state of damage to Windows web servers which had become the target of attacks based on the logs identified
ViperSoftX Stealing Cryptocurrencies
AhnLab SEcurity intelligence Center (ASEC) has confirmed that the ViperSoftX attacker is continuously distributing malware to users in Korea. ViperSoftX is a type of malware that resides in infected systems and is responsible for executing threat actors’ commands and stealing cryptocurrencies. ASEC previously published an analysis of a ViperSoftX attack
Analysis of T-Rex CoinMiner Attacks Targeting Internet Cafés in Korea
AhnLab SEcurity intelligence Center (ASEC) has recently identified cases of attacks installing CoinMiners in Korean Internet cafés. The threat actor is believed to have been active since 2022, and the attacks against Internet cafés have been occurring since the second half of 2024. The method of initial access is unknown,
Statistical Report on Malware Targeting MS-SQL Servers in 1Q 2025
Overview The AhnLab SEcurity intelligence Center (ASEC) analysis team uses the AhnLab Smart Defense (ASD) infrastructure to categorize and respond to attacks on vulnerable MS-SQL servers. This report will cover the current state of damage to MS-SQL servers that became attack targets based on the logs discovered in 1Q 2025,
