Persistent Threats from the Kimsuky Group Using RDP Wrapper
AhnLab SEcurity intelligence Center (ASEC) has previously analyzed cases of attacks by the Kimsuky group, which utilized the PebbleDash backdoor and their custom-made RDP Wrapper. The Kimsuky group has been continuously launching attacks of the same type, and this post will cover additional malware that have been identified. 1.
Statistical Report on Malware Targeting Windows Web Servers in Q4 2024
Overview AhnLab SEcurity intelligence Center (ASEC) responds to and classifies attacks that target inappropriately managed Windows web servers by utilizing the AhnLab Smart Defense (ASD) infrastructure. This post covers the damage status of Windows web servers that have been targeted in attacks and provides statistics on the attacks based on
Statistical Report on Malware Targeting MS-SQL Servers in Q4 2024
Overview The AhnLab SEcurity intelligence Center (ASEC) analysis team uses the AhnLab Smart Defense (ASD) infrastructure to categorize and respond to attacks on vulnerable MS-SQL servers. This report will cover the current state of damage to MS-SQL servers that became attack targets based on the logs discovered in Q4 2024,
Proxy Tools Detected by AhnLab EDR
After gaining control over infected systems, threat actors may also perform remote screen control using RDP. This is partly for convenience but can also serve the purpose of maintaining persistence. If the RDP service is not active during the attack process, threat actors may install RDP Wrappers, steal existing account
Analysis Report on Larva-24011 Threat Actor’s Latest Attack Trend
1. Overview The Larva-24011 threat actor is targeting vulnerable systems to install CoinMiner and proxyware for financial gain. AhnLab Security Intelligence Center (ASEC) has recently observed that besides installing CoinMiner and proxyware, the threat actor is engaging in more attack cases of controlling infected systems and exfiltrating information such as
Analysis Report on the Latest Attack Cases by Kimsuky Group Exploiting PebbleDash and RDP Wrapper
Analysis Overview AhnLab SEcurity intelligence Center (ASEC) recently identified that the Kimsuky group is using the backdoor PebbleDash and RDP Wrapper in multiple attacks. The threat actor uses LNK during initial access to install PowerShell malware on the infected system. Once this process is complete, they install custom-made remote control
Analysis Report on APT Attack Cases Using noMu Backdoor
AhnLab SEcurity intelligence Center (ASEC) has recently identified attack cases where an unknown threat actor installed various remote control malware targeting Korean users and systems. The threat actor used a range of reverse shells, backdoors, and VNC malware strains, and also utilized RDP for remote screen control. Among the malware
Analysis of APT Attack Cases Using Dora RAT Against Korean Companies (Andariel Group)
AhnLab SEcurity intelligence Center (ASEC) has recently discovered Andariel APT attack cases against Korean corporations and institutes. Targeted organizations included educational institutes and manufacturing and construction businesses in Korea. Keylogger, Infostealer, and proxy tools on top of the backdoor were utilized for the attacks. The threat actor probably used these
Kimsuky Group Using Meterpreter to Attack Web Servers
AhnLab Security Emergency response Center (ASEC) has recently discovered the distribution of malware targeting web servers by Kimsuky group. Kimsuky is a threat group deemed supported by North Korea and has been active since 2013. At first, they attacked North Korea-related research institutes in South Korea before attacking a Korean
Chinese Hacker Group Stealing Information From Korean Companies
Recently, there have been frequent cases of attacks targeting vulnerable servers that are accessible externally, such as SQL servers or IIS web servers. The team has confirmed two affected companies in this case. One being a company for semiconductors, and the other being a smart manufacturing company which utilizes artificial
