Analysis Report on Larva-24011 Threat Actor’s Latest Attack Trend
1. Overview: The Larva-24011 threat actor is targeting vulnerable systems to install CoinMiner and proxyware for financial gain. AhnLab Security Intelligence Center (ASEC) has recently observed that, besides installing CoinMiner and proxyware, the threat actor is increasingly carrying out attacks that take control of infected systems and exfiltrate information such as
Attack Cases Against HTTP File Server (HFS) (CVE-2024-23692)
HTTP File Server (HFS) is a program that provides a simple type of web service. Because it can provide web services with just an executable file without having to build a web server, it is often used for sharing files, allowing users to connect to the address through web browsers
Threat Trend Report on Operation Thumb King – Larva-24001 (Threat Group Newly Targeting Korean Corporations)
Overview: Operation Thumb King is a cyberthreat campaign that has been launching attacks against South Korea since May 2023. While the malware structure and file names are similar to those of a previous Chinese threat group, the specific group has not been ascertained and so it has been given the temporary
Cryptojacking Attack Campaign Against Apache Web Servers Using Cobalt Strike
AhnLab Security Emergency response Center (ASEC) is monitoring attacks against vulnerable web servers that have unpatched vulnerabilities or are being poorly managed. Because web servers are externally exposed for the purpose of providing web services to all available users, these become major attack targets for threat actors. Major examples of
HiddenGh0st Malware Attacking MS-SQL Servers
Gh0st RAT is a remote control malware developed by the C. Rufus Security Team from China. Due to its source code being publicly available, malware developers use it as a reference as they continue developing numerous variants that are still actively used in attacks. Although the source code is public,
Gh0stCringe RAT Being Distributed to Vulnerable Database Servers
The ASEC analysis team is constantly monitoring malware distributed to vulnerable database servers (MS-SQL, MySQL servers). This blog will explain the RAT malware named Gh0stCringe[1]. Gh0stCringe, also known as CirenegRAT, is one of the malware variants based on the code of Gh0st RAT. It was first discovered in December 2018,

