Detecting Akira Ransomware Attack Using AhnLab EDR
Akira is a relatively new ransomware threat actor that has been active since March 2023. Like other ransomware threat actors, they breach organizations and not only encrypt their files but also exfiltrate sensitive information to use in negotiations. As shown in the following 2024 statistics, the number of companies affected
Proxy Tools Detected by AhnLab EDR
After gaining control over infected systems, threat actors may also perform remote screen control using RDP. This is partly for convenience but can also serve the purpose of maintaining persistence. If the RDP service is not active during the attack process, threat actors may install RDP Wrappers, steal existing account
Kimsuky Group’s New Backdoor (HappyDoor)
Table of Contents: Overview; Distribution Method and Changes; Distribution Method; Changes of HappyDoor; Detailed Analysis; Summary; Characteristics; Registry Data; Packet Data; Packet Structure and Server Operation Method; Features; Information Theft; Backdoor; Conclusion. This report is a summarized version of “Analysis Report of Kimsuky Group’s HappyDoor Malware” introduced in AhnLab Threat

