Qakbot Being Distributed in Korea Through Email Hijacking Posted By suuzzane , April 13, 2023 AhnLab Security Emergency response Center (ASEC) has identified circumstances of Qakbot being distributed via malicious PDF files attached to forwarded or replies to existing emails. Qakbot banking malware is one of those that are continuously being distributed through various media. ASEC has covered the distribution trends of Qakbot over the years. As shown below, the distributed email has the form of a hijacked normal email where a reply is sent to the target user with a malicious file attached to it,…
3CX DesktopApp Supply Chain Attack Also Detected in Korea Posted By ASEC , April 11, 2023 On March 29, 2023, CrowdStrike announced that a threat group based in North Korea launched a supply chain attack through 3CX DesktopApp. [1] With this app, the threat actor installed an Infostealer in the target system. AhnLab Security Emergency response Center (ASEC) previously announced a 3CX DesktopApp supply chain attack in the following blog post alongside mitigation measures. [2] This post will provide an analysis of the malware used in the attacks and logs of their infection in Korea collected via AhnLab Smart Defense…