Summary:

This report highlights the increase in new ransomware samples and targeted systems in October 2024, particularly noting the rise of MEDUSALOCKER ransomware. It also provides insights into the companies affected by various ransomware groups, based on data collected from Dedicated Leak Sites (DLS).

Key Points:

Increase in new ransomware samples in October compared to September.…
Read More

Short Summary:

This article discusses Remote Access Trojan (RAT) malware that uses a Discord bot as its control channel, taking PySilon as the case study. It covers how the malware operates, maintains persistence, and collects sensitive user information while abusing the Discord platform for communication and command and control.

Key Points:

Discord is a platform for real-time communication and community building.…
Read More

Short Summary:

AhnLab SEcurity intelligence Center (ASEC) has identified malware being distributed under the guise of gambling games. This malware, named WrnRAT, is designed to control infected systems and steal information. It is distributed through deceptive websites and disguised as various installers, including those for gambling games and computer optimization programs.…

Read More

Short Summary:

A joint analysis by AhnLab SEcurity intelligence Center (ASEC) and the National Cyber Security Center (NCSC) has uncovered a zero-day vulnerability in Microsoft Internet Explorer (IE), exploited by the North Korean threat actor TA-RedAnt. The vulnerability allows for a zero-click attack via a toast ad program that uses the vulnerable IE browser engine, leading to potential malware downloads on victims’ systems.…

Read More

Short Summary:

AhnLab Security Intelligence Center (ASEC) has identified attacks targeting improperly managed Linux servers, specifically focusing on HiveOS. Attackers exploit weak SSH credentials to gain initial access, allowing them to install backdoors and mine cryptocurrency, particularly Ravencoin.

Key Points:

ASEC monitors attacks on Linux servers using honeypots, particularly targeting SSH services.…
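The honeypot observation above (weak SSH credentials as the initial access vector) is the kind of thing a detection rule over sshd logs should catch before the miner lands. The following is an added example, not code from ASEC or from the post: a small Python detector that parses OpenSSH `auth.log` lines, counts password failures per source address inside a sliding window, and escalates when the same address then logs in with a password. The log lines, host name, addresses and thresholds are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in OpenSSH auth.log format (not taken from the ASEC honeypot):
# one source brute-forces root with passwords and eventually succeeds, while a second
# source performs a normal key login followed by a single password failure.
SAMPLE_AUTH_LOG = """\
Oct 14 03:12:01 hive sshd[2211]: Failed password for root from 203.0.113.7 port 41022 ssh2
Oct 14 03:12:03 hive sshd[2211]: Failed password for root from 203.0.113.7 port 41023 ssh2
Oct 14 03:12:05 hive sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 41024 ssh2
Oct 14 03:12:07 hive sshd[2211]: Failed password for root from 203.0.113.7 port 41025 ssh2
Oct 14 03:12:09 hive sshd[2211]: Failed password for root from 203.0.113.7 port 41026 ssh2
Oct 14 03:12:11 hive sshd[2212]: Accepted password for root from 203.0.113.7 port 41027 ssh2
Oct 14 03:40:00 hive sshd[2300]: Accepted publickey for ops from 198.51.100.2 port 50123 ssh2
Oct 14 03:41:10 hive sshd[2301]: Failed password for ops from 198.51.100.2 port 50124 ssh2
"""

# sshd authentication result lines: "<Accepted|Failed> <method> for [invalid user] <user> from <ip> port <n>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line):
    """Return a dict for an sshd authentication result line, or None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    # syslog timestamps carry no year; %b %d %H:%M:%S is enough for in-day deltas
    event["ts"] = datetime.strptime(event["ts"], "%b %d %H:%M:%S")
    return event


def detect_ssh_bruteforce(log_text, threshold=5, window_seconds=300):
    """Per source IP: flag >= threshold password failures inside a sliding window,
    and escalate to bruteforce_success when the same IP then logs in with a password."""
    recent_failures = defaultdict(list)  # ip -> failure timestamps still inside the window
    findings = {}
    for event in filter(None, map(parse_line, log_text.splitlines())):
        ip, now = event["ip"], event["ts"]
        if event["result"] == "Failed" and event["method"] == "password":
            recent_failures[ip] = [t for t in recent_failures[ip]
                                   if (now - t).total_seconds() <= window_seconds]
            recent_failures[ip].append(now)
            if len(recent_failures[ip]) >= threshold:
                f = findings.setdefault(ip, {"status": "bruteforce", "failures": 0,
                                             "users_logged_in": []})
                f["failures"] = max(f["failures"], len(recent_failures[ip]))
        elif (event["result"] == "Accepted" and event["method"] == "password"
              and ip in findings):
            # Key-based logins are deliberately not escalated: the guessed secret was a password.
            findings[ip]["status"] = "bruteforce_success"
            findings[ip]["users_logged_in"].append(event["user"])
    return findings


if __name__ == "__main__":
    for ip, finding in detect_ssh_bruteforce(SAMPLE_AUTH_LOG).items():
        print(ip, finding)
```

A `bruteforce_success` finding is the trigger for the follow-on checks the post implies: new authorized keys, new cron entries, and unexpected mining processes on the host. Raising the threshold or shortening the window trades missed slow-and-low guessing for fewer alerts on legitimate typos.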
Read More

Short Summary:

AhnLab’s ASEC has identified supply chain attacks on Korean game companies by the group Larva-24008. The attackers compromised a game security module to distribute malware; because the malware was signed with a valid certificate, it could be delivered through official channels, leading to the installation of remote control malware on affected systems.…

Read More

Short Summary:

Notion, a widely used collaboration tool, has been targeted by threat actors who disguise malware as legitimate software. Recent cases have shown malware such as LummaC2 and SectopRAT being distributed through fake installers, leading to potential data theft and system control.

Key Points:

Notion is a popular collaboration tool that can be exploited by attackers.…

Read More

Short Summary:

This article discusses Binary Managed Object Files (BMOFs) and their use in distributing the XMRig CoinMiner malware. BMOFs are not inherently malicious, but attackers can abuse them to register Permanent Event Subscriptions in Windows Management Instrumentation (WMI), giving the malware persistence.

Key Points:

BMOFs are compiled versions of Managed Object Files (MOFs) used in Windows Management Instrumentation (WMI).…
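Whatever the delivery format (MOF, compiled BMOF, or PowerShell), a WMI permanent event subscription only works once three objects exist in `root\subscription`: an `__EventFilter`, an event consumer, and a `__FilterToConsumerBinding` that joins them. That is what a detection should correlate. The following is an added example, not code from ASEC or from the post: a Python routine that reads Sysmon-style WMI events (IDs 19, 20 and 21 for filter, consumer and binding), rebuilds complete chains, and alerts when the consumer runs a suspicious command line. The event XML, object names, command line and the suspicious-pattern list are constructed for the example, and the `Type` labels for consumer kinds are an assumption to adjust to your telemetry.

```python
import re
import xml.etree.ElementTree as ET

EVT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": EVT_NS}

# Indicators that a consumer launches a loader rather than doing admin work
# (assumption: tune for your environment).
SUSPICIOUS_DEST = re.compile(
    r"powershell|pwsh|-enc|cmd\.exe|mshta|regsvr32|rundll32|wscript|cscript|certutil|https?://",
    re.I,
)

# Constructed sample shaped like Sysmon event IDs 19 (WmiEventFilter), 20 (WmiEventConsumer)
# and 21 (WmiEventConsumerToFilter). Not real telemetry from the ASEC case. The last
# binding points at a consumer that was never created, so it must not alert.
SAMPLE_EVENTS = """<Events>
<Event xmlns="%(ns)s"><System><EventID>19</EventID></System><EventData>
 <Data Name="Operation">Created</Data>
 <Data Name="EventNamespace">//./root/CimV2</Data>
 <Data Name="Name">"UpdaterFilter"</Data>
 <Data Name="Query">SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 'Win32_PerfFormattedData_PerfOS_System'</Data>
</EventData></Event>
<Event xmlns="%(ns)s"><System><EventID>20</EventID></System><EventData>
 <Data Name="Operation">Created</Data>
 <Data Name="Name">"UpdaterConsumer"</Data>
 <Data Name="Type">Command Line</Data>
 <Data Name="Destination">"powershell.exe -w hidden -enc BASE64PAYLOAD"</Data>
</EventData></Event>
<Event xmlns="%(ns)s"><System><EventID>21</EventID></System><EventData>
 <Data Name="Operation">Created</Data>
 <Data Name="Consumer">CommandLineEventConsumer.Name="UpdaterConsumer"</Data>
 <Data Name="Filter">__EventFilter.Name="UpdaterFilter"</Data>
</EventData></Event>
<Event xmlns="%(ns)s"><System><EventID>21</EventID></System><EventData>
 <Data Name="Operation">Created</Data>
 <Data Name="Consumer">CommandLineEventConsumer.Name="Orphan"</Data>
 <Data Name="Filter">__EventFilter.Name="UpdaterFilter"</Data>
</EventData></Event>
</Events>""" % {"ns": EVT_NS}


def _unquote(value):
    return (value or "").strip().strip('"')


def _ref_name(ref):
    """Binding members are rendered as e.g. CommandLineEventConsumer.Name="X"; extract X."""
    m = re.search(r'\.Name="([^"]*)"', ref or "")
    return m.group(1) if m else _unquote(ref)


def parse_wmi_events(xml_text):
    """Index filters (ID 19) and consumers (ID 20) by name; collect bindings (ID 21)."""
    filters, consumers, bindings = {}, {}, []
    for ev in ET.fromstring(xml_text).iter("{%s}Event" % EVT_NS):
        event_id = int(ev.find("e:System/e:EventID", NS).text)
        data = {d.get("Name"): d.text or "" for d in ev.findall("e:EventData/e:Data", NS)}
        if data.get("Operation") == "Deleted":
            continue  # only live objects can form a working subscription
        if event_id == 19:
            filters[_unquote(data.get("Name"))] = data
        elif event_id == 20:
            consumers[_unquote(data.get("Name"))] = data
        elif event_id == 21:
            bindings.append(data)
    return filters, consumers, bindings


def find_wmi_persistence(xml_text, suspicious_types=("Command Line", "Script")):
    """Alert on complete filter -> consumer -> binding chains whose consumer executes
    something suspicious. suspicious_types are the assumed labels for
    CommandLineEventConsumer and ActiveScriptEventConsumer."""
    filters, consumers, bindings = parse_wmi_events(xml_text)
    alerts = []
    for b in bindings:
        consumer = consumers.get(_ref_name(b.get("Consumer")))
        flt = filters.get(_ref_name(b.get("Filter")))
        if consumer is None or flt is None:
            continue  # incomplete chain: nothing fires until the missing object appears
        dest = _unquote(consumer.get("Destination"))
        if consumer.get("Type") in suspicious_types and SUSPICIOUS_DEST.search(dest):
            alerts.append({
                "filter": _unquote(flt.get("Name")),
                "query": flt.get("Query", ""),
                "consumer": _unquote(consumer.get("Name")),
                "type": consumer.get("Type"),
                "destination": dest,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_wmi_persistence(SAMPLE_EVENTS):
        print(alert)
```

Correlating on the binding rather than alerting on every filter or consumer creation matters in practice: management agents create filters and log consumers routinely, but a binding that ties a timer-style filter to a command-line consumer spawning PowerShell is rarely legitimate.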
Read More

Short Summary:

AhnLab Security Intelligence Center has reported the distribution of SnakeKeylogger malware via phishing emails. This .NET-based infostealer exfiltrates sensitive data through various channels, including email and FTP.

Key Points:

SnakeKeylogger is an Infostealer type of malware. It is distributed via phishing emails with executable attachments.…
Read More

Short Summary:

The article discusses a phishing scam that impersonates PayPal to distribute malware. The malware, named Xworm, is delivered through a URL file whose target points at a network shared folder, from which an executable file is downloaded. The article highlights the detection of the malware’s activities using AhnLab’s EDR system, which tracks the infiltration path and malicious behaviors of the malware.…
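A `.url` (Internet Shortcut) file is a plain INI file, so the "points at a network share" property described above can be checked directly in mail or endpoint pipelines before anyone double-clicks. The following is an added example, not code from ASEC or from the post: a Python classifier that parses the `[InternetShortcut]` section, recognises UNC and `file:` targets that name a remote host (including the `host@80\DavWWWRoot` WebDAV form), flags executable target extensions, and also reports an `IconFile` on a share, which Explorer fetches while rendering the icon. The sample files, hosts, file names and the executable-extension list are constructed for the example.

```python
import configparser
import re

# Extensions Windows will execute when the target is opened (assumption: extend as needed).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".vbe", ".wsf", ".hta", ".lnk", ".dll", ".msi"}

# UNC and file: targets that name a host: \\host\share\..., file://host/share/...,
# file:\\host\share\... (Windows accepts mixed slashes). file:///C:/... has no host
# and therefore does not match.
REMOTE_TARGET_RE = re.compile(r"^(?:file:)?[\\/]{2}([^\\/]+)[\\/](.*)$", re.I)

# Constructed samples: a UNC target with a remote icon, a WebDAV-over-HTTP target,
# and an ordinary web shortcut that must classify as benign.
SAMPLE_UNC = r"""[InternetShortcut]
URL=file://203.0.113.44/public/Payment_Receipt.exe
IconFile=\\203.0.113.44\public\icon.ico
IconIndex=0
"""

SAMPLE_WEBDAV = r"""[InternetShortcut]
URL=\\198.51.100.5@80\DavWWWRoot\Invoice.exe
"""

SAMPLE_WEB = r"""[InternetShortcut]
URL=https://www.paypal.com/
"""


def classify_url_shortcut(text):
    """Classify the content of an Internet Shortcut (.url) file.

    Verdicts: not_internet_shortcut, web_url, local_file, remote_share, remote_executable.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text.lstrip("\ufeff"))  # tolerate a UTF-8 BOM
    if not cp.has_section("InternetShortcut"):
        return {"verdict": "not_internet_shortcut"}
    section = cp["InternetShortcut"]
    target = section.get("url", "").strip()
    icon = section.get("iconfile", "").strip()
    result = {"target": target, "verdict": "web_url", "host": None,
              "executable": False, "icon_remote": False}

    m = REMOTE_TARGET_RE.match(target)
    if m:
        host, path = m.groups()
        filename = re.split(r"[\\/]", path)[-1]
        ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""
        is_exec = ext in EXECUTABLE_EXTS
        result.update(host=host, executable=is_exec,
                      verdict="remote_executable" if is_exec else "remote_share")
    elif target.lower().startswith("file:"):
        result["verdict"] = "local_file"

    # A remote IconFile is fetched on render, before any click: NTLM leak or beacon.
    result["icon_remote"] = bool(REMOTE_TARGET_RE.match(icon))
    return result


if __name__ == "__main__":
    for sample in (SAMPLE_UNC, SAMPLE_WEBDAV, SAMPLE_WEB):
        print(classify_url_shortcut(sample))
```

In a mail gateway, `remote_executable` is a block, `remote_share` and `icon_remote` are quarantine-and-review, and a `web_url` shortcut still deserves the usual link reputation checks; the SMB and WebDAV hosts extracted here are also the right place to pivot in EDR telemetry for the outbound connection the post describes.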
Read More

The blog post “Linux Defense Evasion Techniques Detected by AhnLab EDR (1)” [1] covered techniques in which threat actors and malware strains, after compromising Linux servers, disabled security services such as firewalls and security modules and then concealed the installed malware.

This post will cover additional defense evasion techniques against Linux systems not covered in the past post.…

Read More

AhnLab SEcurity intelligence Center (ASEC) previously described the dangers of malware disguised as crack programs in the post “Distribution of Malware Under the Guise of MS Office Cracked Versions (XMRig, OrcusRAT, etc.)”. [1]

Malware strains disguised as crack programs are primarily distributed through file-sharing platforms, blogs, and torrents, leading to the infection of multiple systems.…

Read More