Phishing Email Attacks by the Larva-24005 Group Targeting Japan

AhnLab SEcurity intelligence Center (ASEC) has identified the behavior of Larva-24005 breaching servers in Korea and then establishing a web server, database, and PHP environment for sending phishing emails. Larva-24005 is using the attack base to target not only South Korea but also Japan. The main targets are those

Threat Trend Report on APT Groups

The following are the main APT groups and their cases based on the analysis reports released by security companies and organizations in January 2025. 1. Andariel: The Andariel group has executed an attack using the RID Hijacking technique to escalate account privileges and create hidden accounts.[1] RID Hijacking

2024 MSC Malware Trend Report

With the decrease in distribution of MS Office document-type malware, the distribution of malware in various formats such as LNK and CHM is on the rise. In the second quarter of this year, malware in the MSC (snap-ins/Management Saved Console) file format used in Microsoft Management Console (MMC) was identified.

APT Group Trends in October 2024

The following are the main APT groups and their cases based on the analysis reports released by security companies and organizations in October 2024. 1. Andariel: Symantec’s Threat Hunter Team has found evidence that the Andariel group is launching financially motivated attacks against companies in the United

Analysis Report on the Latest Attack Cases by Kimsuky Group Exploiting PebbleDash and RDP Wrapper

Analysis Overview: AhnLab SEcurity intelligence Center (ASEC) recently identified that the Kimsuky group is using the backdoor PebbleDash and RDP Wrapper in multiple attacks. The threat actor uses LNK during initial access to install PowerShell malware on the infected system. Once this process is complete, they install custom-made remote control

Kimsuky Group’s Malware Disguised as Lecture Request Form (MSC, HWP)

Recently, malware disguised as a lecture request form targeting specific users was identified. The distributed files include Hangul Word Processor (HWP) documents and files in MSC format, which download additional malicious files. Decoy document files used to disguise as legitimate documents have been found to sometimes contain personal information, suggesting

APT Attack Disguised as a Research Paper on Russia-North Korea Partnership (Kimsuky)

AhnLab SEcurity intelligence Center (ASEC) has recently discovered an APT attack targeting Korean users. During the attack, the threat actor used a GitHub repository to which various malicious scripts and normal decoy files used for the attack had been uploaded. [Figure 1. Threat actor’s GitHub repository] Malicious behaviors are performed

Threat Trend Report on APT Groups – July 2024 Major Issues on APT Groups

Purpose and Scope: This report covers nation-led threat groups presumed to conduct cyber espionage or sabotage under the support of the governments of certain countries, referred to as “Advanced Persistent Threat (APT) groups” for the sake of convenience. Therefore, this report does not contain information on cybercriminal groups aiming

Threat Trend Report on APT Groups – April 2024 Major Issues on APT Groups

The cases of major APT groups for April 2024 gathered from materials made public by security companies and institutions are as follows. 1) APT28 (Forest Blizzard): Microsoft Threat Intelligence released the results of the investigation on the activities of APT28, a Russia-based threat actor.[1] This group has been

Threat Trend Report on APT Groups – March 2024 Major Issues on APT Groups

The cases of major APT groups for March 2024 gathered from materials made public by security companies and institutions are as follows. 1) Andariel: ASEC announced that the Andariel group is launching attacks using IMON Client and NetClient (Korean asset management solutions).[1] The group used self-developed malware strains