Summary:
The report analyzes the covert cyber reconnaissance activities of the state-backed APT37 group, which targets South Korean individuals and organizations related to North Korean human rights and security. It highlights the group’s use of malicious shortcut files and the necessity for enhanced endpoint detection and response (EDR) solutions to counteract these threats.…
Author: Genians-Korea
The BlueShark APT group has been actively targeting individuals in South Korea during the first half of 2024, utilizing various malware types and spear-phishing tactics disguised as legitimate requests for lectures and interviews.
2. Keypoints
Utilization of various types of malware such as LNK, ISO, MSC, and HWP.…
1. Short Summary
The article discusses the increasing threat activity associated with the Kimsuky group, particularly focusing on the Konni campaign. It highlights the use of legitimate cloud and FTP services in a step-by-step infection chain, with various attack attempts targeting not only South Korea but also Russian government agencies.…
◈ Short Summary
● Utilizes tax evasion report notifications to impersonate and gain access.
● Creates confusion by suggesting tax audits and amplifying anxiety regarding funding sources.
● Attempts internal reconnaissance through LNK-type malicious files.
● Calls malicious script commands using legitimate AutoIt programs.
● Employs strategies to evade antivirus detection, making EDR responses possible.…
Full Report: https://www.genians.co.kr/blog/threat_intelligence/facebook…
Full Report: https://www.genians.co.kr/blog/threat_intelligence/dropbox…
● Rising concerns of cyber threats due to increase in Bitcoin price
● Beware of targeted attacks on users of virtual asset exchanges
● Hacking attempts disguised as actual work content
● Malware used by Konni APT group is the same
● Immediate detection of abnormal behavior from infiltration through Genian EDR
Full Report: https://www.genians.co.kr/blog/threat_intelligence/bitcoin…
Full Report: https://www.genians.co.kr/blog/threat_intelligence/nation-state…
● Attack impersonating actual field and webinar event scheduled for January 10, 2024 in the field of unification strategy
● Malicious file disguised as an event invitation is manipulated with a Google Form link and downloaded from Dropbox
● Malicious file of shortcut (LNK) type exists inside the downloaded ZIP compressed file
● Attempt to leak information to pCloud using the typical APT37 group’s spear phishing attack style
● Early identification and preemptive response to internal threat signs possible through Genian EDR service
Full Report: https://www.genians.co.kr/blog/threat_intelligence/webinar-apt…
● Detection of attacks using various types of malicious files such as LNK, HWP, HWPX, XLSX, DOCX
● Extension of attacks based on ‘LNK’ by [APT37] group combined with security vulnerabilities
● Extension of attacks using the ‘CVE-2022-41128’ vulnerability disguised as last year’s Itaewon incident response document
● Demand for detection of unknown vulnerability attacks and rapid threat identification based on Genian EDR
Full Report: https://www.genians.co.kr/blog/threat_intelligence/market…
Genians Security Center has published a threat analysis report. This report investigates the latest cyber threats and vulnerabilities and provides information for quick response and prevention. (Click the link below to view the full report)
Full Report: https://www.genians.co.kr/blog/threat_intelligence/kimsuky…
Full Report: https://www.genians.co.kr/blog/threat_intelligence/darkhorse…
Full Report: https://www.genians.co.kr/blog/threat_intelligence/konniapt…