XMRig

z0Miner Exploits Korean Web Servers to Attack WebLogic Server

AhnLab SEcurity intelligence Center (ASEC) has found numerous cases of threat actors attacking vulnerable Korean servers. This post introduces one of the recent cases, in which the threat actor ‘z0Miner’ attacked Korean WebLogic servers. z0Miner was first described by Tencent Security, a Chinese Internet service provider: https://s.tencent.com/research/report/1170.html (This link is only available in Chinese.) These threat actors have a history of deploying miners on vulnerable servers (Atlassian Confluence, Apache ActiveMQ, Log4J, etc.), and they were frequently mentioned in the ASEC…

XMRig CoinMiner Installed via Game Hacks

AhnLab SEcurity intelligence Center (ASEC) recently found that XMRig CoinMiner is being distributed through game hacks. The process is similar to previously covered cases in which file-sharing platforms were used to distribute XMRig CoinMiner [1] [2]. 1. Distribution Channel The CoinMiner’s distribution channel was found to be a website that distributes hacks for popular games. Multiple compressed files disguised as hacks for popular games are uploaded to this website. In order to prevent the download from being blocked by browsers and…

Cryptojacking Attack Campaign Against Apache Web Servers Using Cobalt Strike

AhnLab Security Emergency response Center (ASEC) is monitoring attacks against vulnerable web servers that are unpatched or poorly managed. Because web servers are exposed externally in order to provide web services to all users, they are major targets for threat actors. Major examples of web services that support Windows environments include Internet Information Services (IIS), Apache, Apache Tomcat, and Nginx. While the Apache web service is usually used in Linux environments, there are some…