- AhnLab Security Intelligence Center (ASEC) confirmed a case of attacking Korean companies’ ERP servers to install VPN servers.
- The attacker initially attacked the MS-SQL service during the infiltration process and then installed a web shell to maintain persistence and control the infected system.
- After completing these steps, the attacker installed SoftEther VPN service to utilize the infected system as a VPN server.
- Proxy and VPN services are technologies that allow users to communicate through relay servers, enhancing privacy, security, and bypassing geographical restrictions.
https://asec.ahnlab.com/ko/66581/