exploit

Analysis of APT Attack Cases Targeting Web Services of Korean Corporations

Web servers are vulnerable to attacks because they are publicly accessible to a wide range of users for the purpose of delivering web services. This accessibility makes them a prime target for threat actors. AhnLab Security Emergency response Center (ASEC) is monitoring attacks targeting vulnerable web servers that have not been patched or are poorly managed. In this post, we have compiled APT attack cases where the web servers of Korean corporations were continuously targeted over the years. We have…

Microsoft Office Outlook Vulnerability (CVE-2023-23397) Appearance and Manual Measure Guide

AhnLab Security Emergency response Center (ASEC) recently published a notice about a Microsoft Office Outlook vulnerability. CVE-2023-23397 is a vulnerability that leaks a user’s account credentials upon receiving an email and triggering a notification. The stolen information includes the ‘NTLM’ hash value, which contains the password hashing information for the logged-in account. Threat actors can exploit this information for internal propagation and further compromise of the system. The application of security patches is essential to prevent the exposure of vulnerabilities,…

PlugX Malware Being Distributed via Vulnerability Exploitation

ASEC (AhnLab Security Emergency response Center) has recently discovered the PlugX malware being installed through remote code execution vulnerabilities in the Chinese remote control programs Sunlogin and Awesun. Sunlogin’s remote code execution vulnerability (CNVD-2022-10270 / CNVD-2022-03672) has been used in attacks ever since its exploit code was disclosed, and it is still being exploited today. The team previously made a post about how Sliver C2, XMRig CoinMiner, and Gh0st RAT were being distributed through the Sunlogin RCE vulnerability. Additionally, since Gh0st RAT was developed…

Cases of Attacks Targeting Vulnerable Atlassian Confluence Servers

The ASEC analysis team has been monitoring attacks that target vulnerable systems. This post will discuss cases of attacks targeting Atlassian Confluence Servers that have not been patched. Atlassian’s Confluence is a major collaboration platform used by many companies across the globe. As a web-based platform, it provides services such as project management and collaboration mainly through Confluence Servers (or Confluence Data Centers). Because it is a solution used by many companies, many vulnerabilities targeting vulnerable Confluence Servers and…

Follina Vulnerability (CVE-2022-30190) Attack Using ‘Antimicrobial Film Request’ File

On June 7th, the ASEC analysis team swiftly uploaded a brief introduction of a zero-day vulnerability affecting Microsoft Office files (Follina). As a patch for the vulnerability has not yet been distributed, users are advised to take caution. (See: “Caution! Microsoft Office Zero-day Vulnerability Follina (CVE-2022-30190)”.) AhnLab has distributed detection rules for attack attempts exploiting the vulnerability, covering both file-based and behavior-based detection. The vulnerability can be detected by various AhnLab products (V3, MDS, and EDR). While the team…