Lazarus Group Exploiting Log4Shell Vulnerability (NukeSped) Posted on May 19, 2022 In December last year, the vulnerability (CVE-2021-44228) of Java-based logging utility Log4j became a worldwide issue. It is a remote code execution vulnerability that can include the remote Java object address in the log message and send it to the server using Log4j to run the Java object in the server. The ASEC analysis team is monitoring the Lazarus group’s attacks on targets in Korea. In April, the team discovered an attack group suspected of being Lazarus distributing NukeSped by…
New Malware of Lazarus Threat Actor Group Exploiting INITECH Process Posted on April 26, 2022 The AhnLab ASEC analysis team has discovered that there are 47 companies and institutions—including defense companies—infected with the malware distributed by the Lazarus group in the first quarter of 2022. Considering the severity of the situation, the team has been monitoring the infection cases. In systems of the organizations infected with the malware, it was found that malicious behaviors stemmed from the process of INITECH (inisafecrosswebexsvc.exe), the security company. The team initially secured the following information of inisafecrosswebexsvc.exe from the…
Analysis Report on Kimsuky Group’s APT Attacks (AppleSeed, PebbleDash) Posted on January 5, 2022 This document is an analysis report on types of malware recently utilized by the Kimsuky group. The Kimsuky group is mainly known for launching social engineering attacks such as spear phishing. Judging by the names of the attached files, the group seems to be targeting those working in the fields related to North Korea and foreign affairs. According to the scan logs of AhnLab’s ASD infrastructure, the threat group has been mainly targeting personal users rather than companies, but has…