Analysis Report on Larva-24011 Threat Actor’s Latest Attack Trend
1. Overview: The Larva-24011 threat actor is targeting vulnerable systems to install CoinMiner and proxyware for financial gain. AhnLab Security Intelligence Center (ASEC) has recently observed that, besides installing CoinMiner and proxyware, the threat actor is carrying out more attacks that involve controlling infected systems and exfiltrating information such as
Statistical Report on Malware Targeting Windows Web Servers in Q3 2024
Overview. Statistics: 1. Status of Attacks Against Windows Web Servers 2. Categorization of Malware Used in Attacks 2.1. Privilege Escalation Tools 2.2. Hacking Tools 2.3. Backdoor 2.4. CoinMiner 3. Statistics on Web Shells Used in Attacks 3.1. Web Shell Statistics 4. Cases of Attacks in Q3 2024. Conclusion. Overview: AhnLab SEcurity intelligence Center (ASEC)
Statistical Report on Malware Targeting Windows Web Servers in Q2 2024
Overview AhnLab SEcurity intelligence Center (ASEC) uses the AhnLab Smart Defense (ASD) infrastructure to respond to and classify attacks on poorly managed Windows web servers. This report covers the current state of damage to Windows web servers which have become the target of attacks based on the logs identified
Analysis of CoinMiner Attacks Targeting Korean Web Servers
Since web servers are externally exposed to provide web services to all available users, they have long been major targets for threat actors. AhnLab SEcurity Intelligence Center (ASEC) is monitoring attacks against vulnerable web servers that have unpatched vulnerabilities or are being poorly managed, and is sharing the
Analysis of Attack Case Installing SoftEther VPN on Korean ERP Server
AhnLab SEcurity intelligence Center (ASEC) has recently discovered an attack case where a threat actor attacked the ERP server of a Korean corporation and installed a VPN server. In the initial compromise process, the threat actor attacked the MS-SQL service and later installed a web shell to maintain persistence and
Statistical Report on Malware Targeting Windows Web Servers in Q1 2024
Overview AhnLab SEcurity intelligence Center (ASEC) uses the AhnLab Smart Defense (ASD) infrastructure to respond to and classify attacks on poorly managed Windows web servers. This report covers the current state of damage to Windows web servers which have become the target of attacks based on the logs identified
z0Miner Exploits Korean Web Servers to Attack WebLogic Server
AhnLab SEcurity intelligence Center (ASEC) has found numerous cases of threat actors attacking vulnerable Korean servers. This post introduces one of the recent cases in which the threat actor ‘z0Miner’ attacked Korean WebLogic servers. z0Miner was first introduced by Tencent Security, a Chinese Internet service provider. https://s.tencent.com/research/report/1170.html (This link is
Statistics Report on Malware Targeting Windows Web Servers in Q4 2023
Overview AhnLab SEcurity intelligence Center (ASEC) is using the AhnLab Smart Defense (ASD) infrastructure to respond to and categorize attacks against poorly managed Windows web servers. This report will cover the current state of damage to Windows web servers which have become the target of attacks based on the
Chinese Hacker Group Stealing Information From Korean Companies
Recently, there have been frequent cases of attacks targeting vulnerable servers that are accessible externally, such as SQL servers or IIS web servers. The team has confirmed two affected companies in this case. One is a semiconductor company, and the other is a smart manufacturing company which utilizes artificial
Cases of Attacks Targeting Vulnerable Atlassian Confluence Servers
The ASEC analysis team has been monitoring attacks that are targeting vulnerable systems. This post will discuss cases of attacks targeting vulnerable Atlassian Confluence Servers that are not patched. Atlassian’s Confluence is a major collaboration platform used by many companies across the globe. Being a web-based platform, services such as

