Larva-24009 Threat Actor’s Spear Phishing Attack Case Report
AhnLab SEcurity intelligence Center (ASEC) recently confirmed that the Larva-24009 threat actor is carrying out spear phishing attacks targeting Korean users. The threat actor has been active since around 2023 and has been primarily using spear phishing attacks targeting global users. Yet it has been recently confirmed that there are
Threat Trend Report on APT Attacks (South Korea) – September 2024 Major Issues on APT Attacks in South Korea
This report covers classification and statistics on APT domestic attacks confirmed during the month of September 2024 and introduces the functions of each type. Below is a summary of some of the information. [Table of Contents] Overview Trends of APT Attacks in Korea Spear Phishing Attacks Using LNK Files Attacks Using
Malware Disguised as Browser Update
Recently, AhnLab SEcurity intelligence Center (ASEC) identified the distribution of malware disguised as a browser update targeting a wide range of users. This malware is distributed through infected websites, and when users visit these sites, malicious scripts are loaded. The scripts create fake update windows for browsers like Chrome or
Threat Trend Report on APT Attacks – July 2024 Major Issues on APT Attacks in South Korea
This report covers classification and statistics on APT domestic attacks confirmed during the month of July 2024 and introduces the functions of each type. Below is a summary of some of the information. [Table of Contents] Overview Trends of APT Attacks in Korea Spear Phishing Attacks Using LNK Files Attacks Using
APT Attacks Using Cloud Storage
AhnLab SEcurity intelligence Center (ASEC) has been sharing cases of attacks in which threat actors utilize cloud services such as Google Drive, OneDrive, and Dropbox to collect user information or distribute malware. [1][2][3] The threat actors mainly upload malicious scripts, RAT malware strains, and decoy documents onto the cloud servers to
LNK File Disguised as Certificate Distributing RokRAT Malware
AhnLab SEcurity intelligence Center (ASEC) has confirmed the continuous distribution of shortcut files (*.LNK) of abnormal sizes that disseminate backdoor-type malware. The recently confirmed shortcut files (*.LNK) are found to be targeting South Korean users, particularly those related to North Korea. The confirmed LNK file names are as follows: National
Distribution of VenomRAT (AsyncRAT) Impersonating Korean IT Companies
AhnLab SEcurity intelligence Center (ASEC) found a shortcut file (.lnk) that downloads AsyncRAT (VenomRAT). In order for the LNK file to disguise itself as a legitimate Word file, it was distributed with the name ‘Survey.docx.lnk’ inside a compressed file which also contained a legitimate text file. Above all, users need
Distribution of Malicious LNK File Disguised as Producing Corporate Promotional Materials
Recently, AhnLab Security Emergency response Center (ASEC) has identified a malicious LNK file being distributed to financial and blockchain corporation personnel through email and other ways. The malicious LNK file is distributed via URLs and AhnLab Smart Defense (ASD) has confirmed the following URLs. Download URLshxxps://file.lgclouds001[.]com/read/?[이메일 계정]&zw=블록체인%20기업%20솔루션%20편람%20제작.zip (hxxps://file.lgclouds001[.]com/read/?[email-account]&zw=blockchain%20corporate%20solution%20handbook%20production.zip)hxxps://file.ssdrive001[.]com/read/?[이메일 계정]&zw=블록체인%20기업%20솔루션%20편람%20제작.zip (hxxps://file.ssdrive001[.]com/read/?[email-account]&zw=blockchain20corporate%20solution%20solution%20production.zip)
Warning Against Distribution of Malware Impersonating a Public Organization (LNK)
AhnLab Security Emergency response Center (ASEC) observed the distribution of malicious shortcut (*.lnk) files impersonating a public organization. The threat actor seems to be distributing a malicious script (HTML) file disguised as a security email by attaching it to emails. These usually target individuals in the field of Korean reunification
Malicious LNK File Being Distributed, Impersonating the National Tax Service
AhnLab Security Emergency response Center (ASEC) has discovered circumstances of a malicious LNK file impersonating the National Tax Service being distributed. Distribution using LNK files is a method that has been used in the past, and recently, there have been multiple cases of distribution to Korean users. The recently identified
