Q1 2026 malware statistics report for Windows web servers
Description. AhnLab SEcurity intelligence Center (ASEC) analyzed the attack status and malware statistics of Windows web servers in the first quarter of 2026 based on AhnLab Smart Defense (ASD) logs. the analysis covers Internet Information Services (IIS) and Apache Tomcat web servers in Windows environments. command execution through the web
Attack Targeting MS‑SQL Servers to Deploy the ICE Cloud Scanner (Larva-26002)
AhnLab SEcurity intelligence Center (ASEC) has confirmed that the Larva-26002 threat actor continues to target improperly managed MS-SQL servers in 2026. The Larva-26002 threat actor has distributed Trigona and Mimic ransomware in the past, and has since seized control of infected systems and installed scanners. The latest confirmed attack utilizes
Statistics Report on Malware Targeting Windows Web Servers in Q4 2025
AhnLab SEcurity intelligence Center (ASEC) is using the AhnLab Smart Defense (ASD) infrastructure to respond to and categorize attacks targeting poorly managed Windows web servers. This post will cover the damage status of Windows web servers that have become attack targets and the statistics of attacks that occurred against these
Analysis of Trigona Threat Actor’s Latest Attack Cases
AhnLab SEcurity intelligence Center (ASEC) has covered the case of Trigona threat actors attacking MS-SQL servers in the past post, “Trigona Ransomware Threat Actor Uses Mimic Ransomware.”[1] In the attack cases, both Trigona and Mimic ransomware were used. However, while the email address used by the threat actor in the
Statistical Report on Malware Targeting Windows Web Servers in Q2 2025
Overview AhnLab SEcurity intelligence Center (ASEC) is using the AhnLab Smart Defense (ASD) infrastructure to respond to and categorize attacks against poorly managed Windows web servers. This report covers the current state of damage to Windows web servers which had become the target of attacks based on the logs identified
Statistical Report on Malware Targeting Windows Web Servers in Q1 2025
Overview AhnLab SEcurity intelligence Center (ASEC) responds to and classifies attacks that target inappropriately managed Windows web servers by utilizing the AhnLab Smart Defense (ASD) infrastructure. This post covers the damage status of Windows web servers that have been targeted in attacks and provides statistics on the attacks based on
Statistical Report on Malware Targeting Windows Web Servers in Q4 2024
Overview AhnLab SEcurity intelligence Center (ASEC) responds to and classifies attacks that target inappropriately managed Windows web servers by utilizing the AhnLab Smart Defense (ASD) infrastructure. This post covers the damage status of Windows web servers that have been targeted in attacks and provides statistics on the attacks based on
Analysis of Attacks That Install Scanners on Linux SSH Servers
AhnLab Security Emergency response Center (ASEC) analyzes attack campaigns against poorly managed Linux SSH servers and shares the results on the ASEC Blog. Before installing malware such as DDoS bot and CoinMiner, the threat actors need to obtain information on the attack target, that is the IP address and SSH
