Summary: The rise of malware delivered in the MSC file format is concerning, particularly because of its ability to exploit vulnerabilities and execute commands without raising suspicion among users. The Kimsuky group has been identified as a key actor in distributing this malware, often disguising it as legitimate documents.…

Summary:

AhnLab Security Intelligence Center (ASEC) has reported the distribution of XLoader malware utilizing DLL side-loading techniques. This method involves placing a malicious DLL alongside a legitimate application, allowing the malware to execute when the application runs. The attack leverages a legitimate file from the Eclipse Foundation, jarsigner, and includes malicious files that perform decryption and injection of the XLoader payload.…

Summary:

LummaC2 is a sophisticated Infostealer malware that disguises itself as legitimate software to evade detection. It captures sensitive information from users and sends it to the attacker’s command and control server, posing a significant threat to both individual and corporate systems.

Key Points:

LummaC2 is distributed disguised as illegal software and inserted into legitimate programs.…

Summary:

The Russian hacktivist group NoName057 has been conducting DDoS attacks since March 2022, targeting entities with anti-Russian sentiments. In November 2024, they collaborated with other pro-Russian groups to attack South Korean government websites in response to political remarks regarding Ukraine. Utilizing automated DDoS bots like DDoSia, they incentivize participation through cryptocurrency rewards, aiming to disrupt services and exert psychological pressure during military conflicts.…

Summary:

Ransomware attacks are increasingly prevalent in 2024, with threat actors leveraging various methods to infiltrate systems and extort victims. The anonymity provided by cryptocurrency payments complicates law enforcement efforts. The Ransomware-as-a-Service model has further facilitated these attacks, allowing even those with limited technical skills to engage in ransomware activities.…

Summary:

This report highlights the increase in new ransomware samples and targeted systems in October 2024, particularly noting the rise of MEDUSALOCKER ransomware. It also provides insights into the companies affected by various ransomware groups, based on data collected from Dedicated Leak Sites (DLS).

Key Points:

Increase in new ransomware samples in October compared to September.…

Short Summary:

This article discusses the implementation of RAT (Remote Access Trojan) malware using a Discord Bot, specifically the PySilon case. It highlights how the malware operates, maintains persistence, and collects sensitive user information while exploiting the Discord platform for communication and control.

Key Points:

Discord is a platform for real-time communication and community building.…

Short Summary:

AhnLab Security Intelligence Center (ASEC) has identified malware being distributed under the guise of gambling games. This malware, named WrnRAT, is designed to control infected systems and steal information. It is distributed through deceptive websites and disguised as various installers, including those for gambling games and computer optimization programs.…

Short Summary:

A joint analysis by AhnLab Security Intelligence Center (ASEC) and the National Cyber Security Center (NCSC) has uncovered a zero-day vulnerability in Microsoft Internet Explorer (IE), exploited by the North Korean threat actor TA-RedAnt. The vulnerability allows a zero-click attack via a toast ad program that uses the vulnerable IE browser engine, leading to potential malware downloads on victims’ systems.…

Short Summary:

AhnLab Security Intelligence Center (ASEC) has identified attacks targeting improperly managed Linux servers, specifically focusing on HiveOS. Attackers exploit weak SSH credentials to gain initial access, allowing them to install backdoors and mine cryptocurrency, particularly Ravencoin.

Key Points:

ASEC monitors attacks on Linux servers using honeypots, particularly targeting SSH services.…

Short Summary: AhnLab’s ASEC has identified supply chain attacks targeting Korean game companies by the group Larva-24008. The attackers compromised a game security module to distribute malware, primarily targeting game companies. The malware was signed with a valid certificate, allowing it to be distributed through official channels, leading to the installation of remote control malware on affected systems.…