Analysis of Gunra Ransomware Using Vulnerable Random Number Generation Function (Distributed for Linux Environments in ELF Format)
The Gunra ransomware group, which began its activities in April 2025, has been launching continuous attacks against various industries and companies around the world. Cases of damage have been reported in Korea as well. The distributed Gunra ransomware is available in two formats: an EXE file format for Windows environments
Analysis of Qilin Ransomware Using Selective Encryption Algorithm (Distributed Targeting Linux, ELF Type)
There has recently been a surge in attacks targeting Korean asset and investment management companies. As described in this report, the ransomware encrypts files with an AES symmetric key and then encrypts that AES symmetric key with an RSA public key. This means that the possibility of
Statistics Report of Malware Targeting Linux SSH Servers in Q3 2025
AhnLab SEcurity intelligence Center (ASEC) is using a honeypot to respond to and categorize brute-force and dictionary attacks that target poorly managed Linux SSH servers. This post covers the status of the attack sources identified in logs from the third quarter of 2025 and the statistics of attacks performed by
Linux Kernel Security Update Advisory (CVE-2025-21692)
Overview We have released a security update to address a vulnerability in the Linux kernel. Affected product users are advised to update to the latest version. Affected Products CVE-2025-21692 Linux Kernel Version: 5.6 and later Resolved Vulnerabilities Index Overrange Vulnerability in ETS Qdisc in
Detecting Malware Exploiting Linux PAM through AhnLab EDR
Pluggable Authentication Modules (PAM) is a modular framework that allows applications such as su, sudo, and sshd to perform security policy logic such as authentication without implementing it directly. Applications delegate authentication to the libpam library, which then loads and executes PAM modules according to the configuration information before aggregating
Attacks Targeting Linux SSH Servers to Install SVF DDoS Bot
AhnLab SEcurity intelligence Center (ASEC) is monitoring attacks targeting poorly managed Linux servers by utilizing multiple honeypots. One of the most common honeypots is the SSH service using weak credentials, and a large number of DDoS and CoinMiner threat actors are attacking this service. ASEC has recently identified a case
Sudo Security Update Advisory (CVE-2025-32463)
Overview We have released a security update that addresses a vulnerability in sudo. Users of affected products are advised to update to the latest version. Affected Products CVE-2025-32463 Sudo Versions: 1.9.14 and above and 1.9.17p1 and below Resolved Vulnerabilities Root privilege escalation vulnerability
Analysis of Attacks Targeting Linux SSH Servers for Proxy Installation
AhnLab SEcurity intelligence Center (ASEC) uses honeypots to monitor attacks targeting inappropriately managed Linux servers. One of the representative honeypots is the SSH service that uses weak credentials, which is targeted by a large number of DDoS and coinminer attackers. ASEC has identified cases where Linux servers were attacked
AhnLab Detection Information on BPFDoor Exploited in Recent Hacking Attacks and KISA Hash Notice
BPFDoor is a Linux-based backdoor malware. AhnLab previously published their EDR detection information on this malware through the ASEC blog in October 2024. KISA recently shared threat information and warnings on BPFDoor, which has been exploited in hacking attacks. V3 detection information on the hash values shared by KISA in
Linux Kernel Security Update Advisory (CVE-2025-21756)
Overview We have released a security update to address a vulnerability in the Linux kernel. Affected product users are advised to update to the latest version. Affected Products CVE-2025-21756 Linux Kernel Versions: 6.6.79 and earlier; Linux Kernel Versions: 6.12.16 and earlier; Linux Kernel Version: 6.13.4 and earlier; Linux Kernel Version:

