Analysis on the Case of TIDRONE Threat Actor’s Attacks on Korean Companies
AhnLab SEcurity intelligence Center (ASEC) has recently identified that the TIDRONE threat actor is launching attacks against companies. In the attack cases, Enterprise Resource Planning (ERP) software was exploited to install a backdoor malware called CLNTEND. TIDRONE is a threat group known for targeting Taiwanese defense companies and drone manufacturers.
Analysis of Attack Case Installing SoftEther VPN on Korean ERP Server
AhnLab SEcurity intelligence Center (ASEC) has recently discovered an attack case where a threat actor attacked the ERP server of a Korean corporation and installed a VPN server. In the initial compromise process, the threat actor attacked the MS-SQL service and later installed a web shell to maintain persistence and
