Persistent Threats from the Kimsuky Group Using RDP Wrapper
AhnLab SEcurity intelligence Center (ASEC) has previously analyzed cases of attacks by the Kimsuky group, which utilized the PebbleDash backdoor and their custom-made RDP Wrapper. The Kimsuky group has been continuously launching attacks of the same type, and this post will cover additional malware that has been identified. 1.
Security Issues in the Financial Sector in December 2024
This report comprehensively covers actual cyber threats and security issues that have occurred in the financial industry in South Korea and abroad. This includes the analysis of malware and phishing cases distributed to the financial sector, the Top 10 malware targeting the financial sector, and statistics on the industries of
Increase in Distribution of AutoIt Compile Malware via Phishing Emails
Overview: AhnLab SEcurity intelligence Center (ASEC) releases weekly information about malware distributed via phishing emails under the title “Weekly Phishing Email Distribution Cases” on the ASEC Blog. While .NET-based malware was previously the most common type in EXE file distributions, there has been a recent surge in malware created
Report on Smishing-Based Mobile Security Threats
1. Overview: Smartphones have become an essential tool in modern society and are at the center of everyday life. However, this has led to a continuous increase in malicious mobile crimes. Among them, smishing has become a major means of executing various crimes, including personal information theft, credential abuse, and
November 2024: Security Issues in the Financial Industry
This report comprehensively covers actual cyber threats and security issues that have occurred in the financial industry in South Korea and abroad. The article includes an analysis of malware and phishing cases distributed to the financial sector, the Top 10 malware targeting the financial sector, and statistics on the industries
XLoader Executed Through JAR Signing Tool (jarsigner.exe)
Recently, AhnLab SEcurity intelligence Center (ASEC) identified the distribution of XLoader malware using the DLL side-loading technique. The DLL side-loading attack technique saves a normal application and a malicious DLL in the same folder path to enable the malicious DLL to also be executed when the application is run. The
Distribution of LummaC2 Infostealer Based on Legitimate Programs
LummaC2 is an Infostealer actively being distributed while being disguised as illegal software such as cracks, and its distribution and creation methods are changing continuously. It has recently been distributed by being inserted into legitimate programs, so caution is needed. [Figure 1. Malware distribution page examples] When LummaC2
October 2024 Security Issues in Korean & Global Financial Sector
This report comprehensively covers real-world cyber threats and security issues that have occurred in the financial industry both in Korea and abroad. This article includes an analysis of malware and phishing cases distributed to the financial industry. It also provides a list of the top 10 malware strains targeting the
Analysis Report on the Latest Attack Cases by Kimsuky Group Exploiting PebbleDash and RDP Wrapper
Analysis Overview: AhnLab SEcurity intelligence Center (ASEC) recently identified that the Kimsuky group is using the backdoor PebbleDash and RDP Wrapper in multiple attacks. The threat actor uses LNK during initial access to install PowerShell malware on the infected system. Once this process is complete, they install custom-made remote control

