Analysis of APT Attack Cases Using Dora RAT Against Korean Companies (Andariel Group)
APT Malware

Analysis of APT Attack Cases Using Dora RAT Against Korean Companies (Andariel Group)

AhnLab SEcurity intelligence Center (ASEC) has recently discovered Andariel APT attack cases against Korean corporations and institutes. Targeted organizations included educational institutes and manufacturing and construction businesses in Korea. Keylogger, Infostealer, and proxy tools on top of the backdoor were utilized for the attacks. The threat actor probably used these

  • May 16 2024
Kimsuky Group Using Meterpreter to Attack Web Servers
APT

Kimsuky Group Using Meterpreter to Attack Web Servers

AhnLab Security Emergency response Center (ASEC) has recently discovered the distribution of malware targeting web servers by Kimsuky group. Kimsuky is a threat group deemed supported by North Korea and has been active since 2013. At first, they attacked North Korea-related research institutes in South Korea before attacking a Korean

  • May 15 2023
Chinese Hacker Group Stealing Information From Korean Companies
APT Malware

Chinese Hacker Group Stealing Information From Korean Companies

Recently, there have been frequent cases of attacks targeting vulnerable servers that are accessible externally, such as SQL servers or IIS web servers. The team has confirmed two affected companies in this case. One being a company for semiconductors, and the other being a smart manufacturing company which utilizes artificial

  • May 04 2023
Attackers Profiting from Proxyware
Malware

Attackers Profiting from Proxyware

Proxyware is a program that shares a part of the Internet bandwidth that is currently available on a system to others. Users who install the program are usually paid with a certain amount of cash in exchange for providing the bandwidth. Companies that provide such a service include Peer2Profit and

  • Jul 22 2022
SystemBC Being Used by Various Attackers
Malware

SystemBC Being Used by Various Attackers

SystemBC is a proxy malware that has been used by various attackers for the last few years. While it is recently distributed through SmokeLoader or Emotet, this malware has steadily been used in various ransomware attacks in the past. When an attacker attempts to access a certain address with malicious

  • Apr 04 2022
Analysis Report on Kimsuky Group’s APT Attacks (AppleSeed, PebbleDash)
APT

Analysis Report on Kimsuky Group’s APT Attacks (AppleSeed, PebbleDash)

This document is an analysis report on types of malware recently utilized by the Kimsuky group. The Kimsuky group is mainly known for launching social engineering attacks such as spear phishing. Judging by the names of the attached files, the group seems to be targeting those working in the fields

  • Nov 16 2021