Kimsuky Group Uses ADS to Conceal Malware Posted By Vanish , March 29, 2023 AhnLab Security Emergency response Center (ASEC) has discovered that the Kimsuky group is using Alternate Data Stream (ADS) to hide their malware. This malware is an Infostealer that collects data by starting the VBScript included inside an HTML file. It can be characterized by its tendency to add the actual code between numerous dummy codes. Figure 1. Part of the initially executed script The following commands are executed in the terminal to collect and transmit data. hostname systeminfo net user…
Kimsuky Group Distributes Malware Disguised as Profile Template (GitHub) Posted By Vanish , March 29, 2023 AhnLab Security Emergency response Center (ASEC) has confirmed the distribution of a malicious Word file disguised as a profile template from emails impersonating a certain professor. ‘[Attachment] Profile Template.doc’ is the filename of the password-protected Word file that was discovered, with the password itself being included in the body of the email. Figure 1. Original email Figure 2. Part of the Word file contents Figure 3. File properties A malicious VBA macro is contained within the Word file, which, upon…
Overview of AhnLab’s Response to Joint Cybersecurity Advisory Between South Korea and the United States on North Korean Ransomware Posted By Soojin Choi , February 17, 2023 On February 10, intelligence agencies from South Korea and the United States announced a cybersecurity advisory in regard to ransomware attacks from North Korea. It is the first joint report between the South Korean National Intelligence Service and the United States’ National Security Agency (NSA), Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Department of Health and Human Services (HHS) to raise awareness of cyberattacks from North Korea and protect both countries from ransomware. Title: Ransomware…