Larva-24009 Threat Actor’s Spear Phishing Attack Case Report
AhnLab SEcurity intelligence Center (ASEC) recently confirmed that the Larva-24009 threat actor is carrying out spear phishing attacks targeting Korean users. The threat actor has been active since around 2023 and has been primarily using spear phishing attacks targeting global users. Yet it has been recently confirmed that there are
APT Attack Disguised as a Research Paper on Russia-North Korea Partnership (Kimsuky)
AhnLab SEcurity intelligence Center (ASEC) has recently discovered an APT attack targeting Korean users. During the attack, the threat actor used a GitHub repository to which various malicious scripts and normal decoy files used for the attack had been uploaded. [Figure 1. Threat actor’s GitHub repository] Malicious behaviors are performed
Distribution of MSIX Malware Disguised as Notion Installer
MSIX malware disguised as the Notion installer is being distributed. The distribution website looks similar to the actual Notion homepage. The user gets a file named “Notion-x86.msix” upon clicking the download button. This file is a Windows app installer, and it is signed with a valid certificate.
Distribution of Remcos RAT Disguised as Tax Invoice
The ASEC analysis team has discovered Remcos RAT being distributed under the disguise of a tax invoice. The content and the type of phishing email are similar to those consistently discussed in previous blogs. The email contains a short message written in awkward grammar.

