Magniber Ransomware’s Relaunch Technique Posted By ohmintaek , February 24, 2023 ASEC (AhnLab Security Emergency Response Center) has been constantly monitoring the Magniber ransomware which has been displaying a high number of distribution cases. It has been distributed through the IE (Internet Explorer) vulnerability for the past few years, but stopped exploiting the vulnerability after the support for the browser ended. Recently, the ransomware is distributed as a Windows installer package file (.msi) in Edge and Chrome browsers. There have been recent reports of systems being reinfected by Magniber. Analysis revealed…
Tracking Distribution Site of Magniber Ransomware Using EDR Posted By cka0 , February 17, 2023 AhnLab ASEC has been blocking the Magniber ransomware through various means since its distribution has continued even after, “Redistribution of Magniber Ransomware in Korea (January 28th),” was posted back in January. A particular finding at the time was that the ransomware used the <a> tag to bypass domain blocks. In order to detect this, we have researched response measures by tracking the distribution site URL through a different method. The team is working hard to prevent damages through means such…
Overview of AhnLab’s Response to Joint Cybersecurity Advisory Between South Korea and the United States on North Korean Ransomware Posted By Soojin Choi , February 17, 2023 On February 10, intelligence agencies from South Korea and the United States announced a cybersecurity advisory in regard to ransomware attacks from North Korea. It is the first joint report between the South Korean National Intelligence Service and the United States’ National Security Agency (NSA), Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Department of Health and Human Services (HHS) to raise awareness of cyberattacks from North Korea and protect both countries from ransomware. Title: Ransomware…
Continuous Distribution of LockBit 2.0 Ransomware Disguised as Resumes Posted By kwonxx , February 15, 2023 The ASEC analysis team has identified that Lockbit 2.0 is being distributed in a MalPE format instead of the NSIS format which the team had introduced it with previously. The MalPE format is a type of packing method that disrupts the analysis of the actual malware. It then decrypts and executies its PE files through an internal shell code. We have recently discovered during our monitoring of ransomware that the distribution of LockBit has risen since January. As it was…
Paradise Ransomware Distributed Through AweSun Vulnerability Exploitation Posted By Sanseo , February 15, 2023 The ASEC analysis team has recently discovered the distribution of Paradise ransomware. The threat actors are suspected to be utilizing a vulnerability exploitation of the Chinese remote control program AweSun. In the past, the team also found and covered the distribution of Sliver C2 and BYOVD through a Sunlogin vulnerability, a remote control program developed in China. 1. AweSun Vulnerability Exploitation The installation of Sliver C2 through the AweSun remote control program developed by AweRay was also discovered to have…
