Statistical Report on Malware Targeting MS-SQL Servers in Q4 2024
Overview The AhnLab SEcurity intelligence Center (ASEC) analysis team uses the AhnLab Smart Defense (ASD) infrastructure to categorize and respond to attacks on vulnerable MS-SQL servers. This report will cover the current state of damage to MS-SQL servers that became attack targets based on the logs discovered in Q4 2024,
Analysis Report on Larva-24011 Threat Actor’s Latest Attack Trend
1. Overview The Larva-24011 threat actor is targeting vulnerable systems to install CoinMiner and proxyware for financial gain. AhnLab Security Intelligence Center (ASEC) has recently observed that besides installing CoinMiner and proxyware, the threat actor is engaging in more attack cases of controlling infected systems and exfiltrating information such as
Statistical Report on Malware Targeting MS-SQL Servers in Q3 2024
OverviewStatistics1. Attacks Against MS-SQL Servers2. Categorization of Malware Used in Attacks 2.1. Trojan 2.2. HackTool 2.3. Backdoor 2.4. CoinMiner 2.5. Downloader & RansomwareConclusion Overview The ASEC analysis team uses the AhnLab Smart Defense (ASD) infrastructure to categorize and respond to attacks on vulnerable MS-SQL servers. This report will
Case of Attack Targeting MS-SQL Servers Abusing GotoHTTP
AhnLab SEcurity intelligence Center (ASEC) has been monitoring MS-SQL servers that are being managed inappropriately and recently discovered an attack case abusing GotoHTTP. 1. GotoHTTP Remote control tools are used to control systems remotely, providing features such as remote desktop and file transfer. AnyDesk, ToDesk, RuDesktop, TeamViewer, and
Statistical Report on Malware Targeting MS-SQL Servers in Q2 2024
Overview The ASEC analysis team uses the AhnLab Smart Defense (ASD) infrastructure to categorize and respond to attacks on vulnerable MS-SQL servers. This report will cover the current state of damage to MS-SQL servers which have become the target of attacks based on the logs discovered in Q2 2024,
Analysis of Attack Case Installing SoftEther VPN on Korean ERP Server
AhnLab SEcurity intelligence Center (ASEC) has recently discovered an attack case where a threat actor attacked the ERP server of a Korean corporation and installed a VPN server. In the initial compromise process, the threat actor attacked the MS-SQL service and later installed a web shell to maintain persistence and
Attacks Targeting MS-SQL Servers Detected by AhnLab EDR
MS-SQL servers are one of the main attack vectors used when targeting Windows systems because they use simple passwords and are open publicly to the external Internet. Threat actors find poorly managed MS-SQL servers and scan them before carrying out brute force or dictionary attacks to log in with administrator
Statistical Report on Malware Targeting MS-SQL Servers in Q1 2024
Overview The ASEC analysis team uses the AhnLab Smart Defense (ASD) infrastructure to categorize and respond to attacks on vulnerable MS-SQL servers. This report will cover the current state of damage to MS-SQL servers which have become the target of attacks based on the logs discovered in Q1 2024,
Statistics Report on Malware Targeting MS-SQL in Q4 2023
Overview The ASEC analysis team uses the AhnLab Smart Defense (ASD) infrastructure to categorize and respond to attacks on vulnerable MS-SQL servers. This report will cover the current state of damage to MS-SQL servers which have become the target of attacks based on the logs discovered in Q4 2023,
Analysis of MS-SQL Server Proxyjacking Cases
AhnLab Security Emergency response Center (ASEC) has recently discovered cases of proxyjacking targeting poorly managed MS-SQL servers. Publicly accessible MS-SQL servers with simple passwords are one of the main attack vectors used when targeting Windows systems. Typically, threat actors target poorly managed MS-SQL servers and attempt to gain access through
