Threat Trend Report on APT Groups – April 2024 Major Issues on APT Groups
The cases of major APT groups for April 2024 gathered from materials made public by security companies and institutions are as follows. 1) APT28 (Forest Blizzard) Microsoft Threat Intelligence released the results of the investigation on the activities of APT28, a Russia-based threat actor.[1] This group has been
Threat Trend Report on APT Groups – March 2024 Major Issues on APT Groups
The cases of major APT groups for March 2024 gathered from materials made public by security companies and institutions are as follows. 1) Andariel ASEC announced that the Andariel group is launching attacks using IMON Client and NetClient (Korean asset management solutions).[1] The group used self-developed malware strains
Threat Trend Report on APT Groups – January 2024 Major Issues on APT Groups
1) APT28 Trend Micro revealed that the APT28 (Forest Blizzard, Pawn Storm) group executed NetNTLMv2 hash relay attacks exploiting the Outlook vulnerability (CVE-2023-23397) from April 2022 to November 2023 across various regions worldwide.[1] The group targeted diplomatic, energy, national defense, transportation, labor, social welfare, financial, local council,
2023 Dec. – Threat Trend Report on APT Groups
The cases of major APT groups for December 2023 gathered from materials made public by security companies and institutions are as follows. 1) Andariel The Korean police announced that the Andariel group attacked 14 targets in Korea including companies in the defense industry, IT security companies, research centers, and
RedEyes (ScarCruft)’s CHM Malware Using the Topic of Fukushima Wastewater Release
The AhnLab Security Emergency response Center (ASEC) analysis team has recently discovered that the CHM malware, which is assumed to have been created by the RedEyes threat group, is being distributed again. The CHM malware in distribution operates in a similar way to the “CHM Malware Disguised as Security Email
Distribution of Backdoor via Malicious LNK: RedEyes (ScarCruft)
AhnLab Security Emergency response Center (ASEC) has confirmed that malware [1], which was previously distributed in CHM format, is now being distributed in LNK format. This malware executes additional scripts located at a specific URL through the mshta process. It then receives commands from the threat actor’s server to carry
RedEyes Group Wiretapping Individuals (APT37)
1. Overview RedEyes (also known as APT37, ScarCruft, and Reaper) is a state-sponsored APT group that mainly carries out attacks against individuals such as North Korean defectors, human rights activists, and university professors. Their task is known to be monitoring the lives of specific individuals. In May 2023, AhnLab Security
RokRAT Malware Distributed Through LNK Files (*.lnk): RedEyes (ScarCruft)
AhnLab Security Emergency response Center (ASEC) confirmed that the RedEyes threat group (also known as APT37, ScarCruft), which distributed CHM Malware Disguised as Security Email from a Korean Financial Company last month, has also recently distributed the RokRAT malware through LNK files. RokRAT is malware that is capable of collecting
Malware Distributed Disguised as a Password File
AhnLab Security Emergency response Center (ASEC) discovered a malware strain disguised as a password file and being distributed alongside a normal file within a compressed file last month. It is difficult for users to notice that this file is malicious because this type of malware is distributed together with a
CHM Malware Disguised as Security Email from a Korean Financial Company: RedEyes (ScarCruft)
ASEC (AhnLab Security Emergency response Center) analysis team has discovered that the CHM malware, which is assumed to have been created by the RedEyes threat group (also known as APT37, ScarCruft), is being distributed to Korean users. The team has confirmed that the command used in the “2.3. Persistence” stage