ASEC Weekly Phishing Email Threat Trends (December 4th, 2022 – December 10th, 2022) Posted By jcleebobgatenet , December 22, 2022 The ASEC analysis team monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and Honeypot. This post will cover the cases of distribution of phishing emails during the week from December 4th, 2022 to December 10th, 2022 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users’ login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note, the act…
Phishing Email Disguised as a Well-Known Korean Airline Posted By jcleebobgatenet , December 7, 2022 The ASEC analysis team has recently discovered a phishing email that impersonates a well-known Korean airline to collect user credentials. The phishing email contains a notice on airline ticket payment, inducing the reader to connect to the disguised phishing page with specific ticket prices and details that implies that the sender has background information of the reader. The subject and the body of the email are shown below. When the attached HTML file is opened, a connection is made to…
Continuously Changing Malicious Word Macro Being Distributed – Trend of TA551 (2) Posted By jcleebobgatenet , September 29, 2021 The ASEC analysis team is back to continuously introduce DOC macro documents used by the TA551 group in attacks. The operation flow of macro documents hasn’t changed since its introduction in July. However, we have confirmed that in the most recent case, BazarLoader was distributed at the last step after the macro was run. First, to quote BazarLoader analysis report published in May by AhnLab: Excerpt from ATIP – BazarLoader Analysis Report ‘Abstract’ BazarLoader is a malware that downloads and…
Phishing Site Targeting Domestic E-mail Service Users (Part 2) Posted By jcleebobgatenet , June 22, 2021 The ASEC analysis team has been sharing information about various phishing e-mails in the ASEC blog. This time, the team aims to inform users about another discovered phishing site that targets domestic e-mail service users to distribute malware. The recently confirmed phishing site targets Naver Mail (mail.naver), Daum Mail (mail2.daum), and hiworks users to collect their information such as IDs, passwords, and user IPs. It then sends the information to the attacker’s e-mail. The top-level domain hxxp://za***if***i**pl*ce[.]com/ takes the form…
