Statistics Report on Malware Targeting Windows Web Servers in Q4 2025
AhnLab SEcurity intelligence Center (ASEC) is using the AhnLab Smart Defense (ASD) infrastructure to respond to and categorize attacks targeting poorly managed Windows web servers. This post will cover the damage status of Windows web servers that have become attack targets and the statistics of attacks that occurred against these
Circumstances of the Andariel Group Exploiting an Apache ActiveMQ Vulnerability (CVE-2023-46604)
While monitoring recent attacks by the Andariel threat group, AhnLab Security Emergency response Center (ASEC) has discovered the attack case in which the group is assumed to be exploiting Apache ActiveMQ remote code execution vulnerability (CVE-2023-46604) to install malware. The Andariel threat group usually targets South Korean companies and institutions,
Circumstances of an Attack Exploiting an Asset Management Program (Andariel Group)
The ASEC analysis team identified the circumstances of the Andariel group distributing malware via an attack using a certain asset management program. The Andariel group is known to be in a cooperative relationship with or a subsidiary organization of the Lazarus group. The Andariel group usually launches spear phishing, watering
Analysis of Andariel’s New Attack Activities
Contents1. Past attack cases…. 1.1. Cases of Innorix Agent abuse…….. 1.1.1. NukeSped variant – Volgmer…….. 1.1.2. Andardoor…….. 1.1.3. 1th Troy Reverse Shell…. 1.2. Cases of attacks against Korean corporations…….. 1.2.1. TigerRat…….. 1.2.2. Black RAT…….. 1.2.3. NukeSped variants2. Cases of recent attacks…. 2.1. Cases of Innorix Agent abuse…….. 2.1.1. Goat RAT….
