Analysis of T-Rex CoinMiner Attacks Targeting Internet Cafés in Korea
AhnLab SEcurity intelligence Center (ASEC) has recently identified cases of attacks installing CoinMiners in Korean Internet cafés. The threat actor is believed to have been active since 2022, and the attacks against Internet cafés have been occurring since the second half of 2024. The method of initial access is unknown,
Statistical Report on Malware Targeting MS-SQL Servers in 1Q 2025
Overview The AhnLab SEcurity intelligence Center (ASEC) analysis team uses the AhnLab Smart Defense (ASD) infrastructure to categorize and respond to attacks on vulnerable MS-SQL servers. This report will cover the current state of damage to MS-SQL servers that became attack targets based on the logs discovered in 1Q 2025,
Statistical Report on Malware Targeting Windows Web Servers in Q1 2025
Overview AhnLab SEcurity intelligence Center (ASEC) responds to and classifies attacks that target inappropriately managed Windows web servers by utilizing the AhnLab Smart Defense (ASD) infrastructure. This post covers the damage status of Windows web servers that have been targeted in attacks and provides statistics on the attacks based on
BeaverTail and Tropidoor Malware Distributed via Recruitment Emails
On November 29, 2024, a case was disclosed in which threat actors impersonated a recruitment email from a developer community called Dev.to to distribute malware. [1] In this case, the attacker provided a BitBucket link containing a project, and the victim discovered malicious code within the project and disclosed it
Warning Against Phishing Emails Distributing GuLoader Malware by Impersonating a Famous International Shipping Company
AhnLab SEcurity intelligence Center (ASEC) recently identified the distribution of GuLoader malware via a phishing email by impersonating a famous international shipping company. The phishing email was obtained through the email honeypot operated by ASEC. The mail body instructs users to check their post-paid customs tax and demands them to
DigitalPulse Proxyware Being Distributed Through Ad Pages
AhnLab SEcurity intelligence Center (ASEC) has recently confirmed that proxyware is being installed through advertisement pages of freeware software sites. The proxyware that is ultimately installed is signed with a Netlink Connect certificate, but according to the AhnLab analysis, it is identical to the DigitalPulse proxyware that was abused in
Statistical Report on Malware Targeting Windows Web Servers in Q4 2024
Overview AhnLab SEcurity intelligence Center (ASEC) responds to and classifies attacks that target inappropriately managed Windows web servers by utilizing the AhnLab Smart Defense (ASD) infrastructure. This post covers the damage status of Windows web servers that have been targeted in attacks and provides statistics on the attacks based on
Statistical Report on Malware Targeting MS-SQL Servers in Q4 2024
Overview The AhnLab SEcurity intelligence Center (ASEC) analysis team uses the AhnLab Smart Defense (ASD) infrastructure to categorize and respond to attacks on vulnerable MS-SQL servers. This report will cover the current state of damage to MS-SQL servers that became attack targets based on the logs discovered in Q4 2024,
Warning Against Malware in SVG Format Distributed via Phishing Emails
AhnLab SEcurity Intelligence Center (ASEC) has recently identified multiple instances of malware being distributed in Scalable Vector Graphics (SVG) format. An SVG file is an XML-based file format that represents scalable vector graphics. SVG files are primarily used for icons, charts, and graphs, and they support the use of CSS
October 2024 Security Issues in Korean & Global Financial Sector
This report comprehensively covers real-world cyber threats and security issues that have occurred in the financial industry both in Korea and abroad. This article includes an analysis of malware and phishing cases distributed to the financial industry. It also provides a list of the top 10 malware strains targeting the
