February 2026 Phishing Email Trends Report
Statistics on Attachment Threats Types in February 2026, the highest percentage of phishing email attachment threats is FakePage (42%). threat actors sophisticatedly mimic login pages and advertisement pages with HTML and other scripts to trick users into entering data and sending it to a C2 server or to a fake
Remcos RAT Being Distributed to Korean Users
AhnLab SEcurity intelligence Center (ASEC) has confirmed the RAT distribution of the Remcos RAT targeting users in South Korea. While the original distribution pages remain unknown, the malware appears to masquerade as VeraCrypt installers or software associated with illegal gambling websites. 1. Malware Distribution One of the initial malware
Statistics Report on Malware Targeting Windows Database Servers in Q2 2025
Overview The AhnLab SEcurity intelligence Center (ASEC) analysis team uses the AhnLab Smart Defense (ASD) infrastructure to categorize and respond to attacks targeting Windows-based MS-SQL and MySQL servers. This report will cover the current state of damage to MS-SQL and MySQL servers that became attack targets based on the logs
Statistical Report on Malware Targeting MS-SQL Servers in 1Q 2025
Overview The AhnLab SEcurity intelligence Center (ASEC) analysis team uses the AhnLab Smart Defense (ASD) infrastructure to categorize and respond to attacks on vulnerable MS-SQL servers. This report will cover the current state of damage to MS-SQL servers that became attack targets based on the logs discovered in 1Q 2025,
Remcos RAT Malware Disguised as Major Carrier’s Waybill
AhnLab SEcurity intelligence Center (ASEC) has recently discovered the Remcos malware disguised as a waybill from a major shipping company. This article details the distribution distribution flow from HTML, JavaScript, and AutoIt scripts leading to the execution of the final Remcos malware. Figure 1 shows the original email with
Statistical Report on Malware Targeting MS-SQL Servers in Q4 2024
Overview The AhnLab SEcurity intelligence Center (ASEC) analysis team uses the AhnLab Smart Defense (ASD) infrastructure to categorize and respond to attacks on vulnerable MS-SQL servers. This report will cover the current state of damage to MS-SQL servers that became attack targets based on the logs discovered in Q4 2024,
Supply Chain Attacks Targeting Korean Game Companies Using Valid Certificates
While monitoring threats against Korean companies and users, AhnLab SEcurity intelligence Center (ASEC) has recently identified evidence of supply chain attacks targeting Korean game companies. The attack group, identified by AhnLab as Larva-24008, targeted a Korean game security company to insert a malicious routine into the game security module. As
Remcos RAT Distributed as UUEncoding (UUE) File
AhnLab SEcurity intelligence Center (ASEC) recently discovered that Remcos RAT is being distributed via UUEncoding (UUE) files compressed using Power Archiver. The image below shows a phishing email distributing the Remcos RAT downloader. Recipients must be vigilant as phishing emails are disguised as emails about importing/exporting shipments or quotations. 1.
Analysis Report on TargetCompany Threat Actor’s Attack Against MS-SQL Servers Using Remcos RAT
Overview AhnLab SEcurity intelligence Center (ASEC) monitors attacks against poorly managed MS-SQL servers. TargetCompany is one of the threat actors who target account credentials that are exposed to the Internet and are vulnerable to brute force and dictionary attacks. TargetCompany has been installing ransomware constantly for years on MS-SQL
RemcosRAT Distributed Using Steganography
AhnLab SEcurity intelligence Center (ASEC) has recently identified RemcosRAT being distributed using the steganography technique. Attacks begin with a Word document using the template injection technique, after which an RTF that exploits a vulnerability in the equation editor (EQNEDT32.EXE) is downloaded and executed. The RTF file downloads a VBScript with
