Author: Ahnlab
Summary:
AhnLab Security Intelligence Center (ASEC) has reported the distribution of XLoader malware utilizing DLL side-loading techniques. This method involves placing a malicious DLL alongside a legitimate application, allowing the malware to execute when the application runs. The attack leverages a legitimate file from the Eclipse Foundation, jarsigner, and includes malicious files that perform decryption and injection of the XLoader payload.…Summary:
LummaC2 is a sophisticated Infostealer malware that disguises itself as legitimate software to evade detection. It captures sensitive information from users and sends it to the attacker’s command and control server, posing a significant threat to both individual and corporate systems.Keypoints:
LummaC2 is distributed disguised as illegal software and inserted into legitimate programs.…Summary:
The Russian hacktivist group NoName057 has been conducting DDoS attacks since March 2022, targeting entities with anti-Russian sentiments. In November 2024, they collaborated with other pro-Russian groups to attack South Korean government websites in response to political remarks regarding Ukraine. Utilizing automated DDoS bots like DDoSia, they incentivize participation through cryptocurrency rewards, aiming to disrupt services and exert psychological pressure during military conflicts.…Summary:
Ransomware attacks are increasingly prevalent in 2024, with threat actors leveraging various methods to infiltrate systems and extort victims. The anonymity provided by cryptocurrency payments complicates law enforcement efforts. The Ransomware-as-a-Service model has further facilitated these attacks, allowing even those with limited technical skills to engage in ransomware activities.…Summary:
This report provides an in-depth analysis of cyber threats and security incidents affecting the financial industry, both in Korea and globally. It highlights malware and phishing attacks, significant data breaches, and ransomware incidents, along with statistics on compromised accounts and the implications for financial institutions.…Summary:
This report highlights the increase in new ransomware samples and targeted systems in October 2024, particularly noting the rise of MEDUSALOCKER ransomware. It also provides insights into the companies affected by various ransomware groups, based on data collected from Dedicated Leak Sites (DLS).Keypoints:
Increase in new ransomware samples in October compared to September.…Short Summary:
This article discusses the implementation of RAT (Remote Access Trojan) malware using a Discord Bot, specifically the PySilon case. It highlights how the malware operates, maintains persistence, and collects sensitive user information while exploiting the Discord platform for communication and control.
Key Points:
Discord is a platform for real-time communication and community building.…Short Summary:
AhnLab SEcurity intelligence Center (ASEC) has identified malware being distributed under the guise of gambling games. This malware, named WrnRAT, is designed to control infected systems and steal information. It is distributed through deceptive websites and disguised as various installers, including those for gambling games and computer optimization programs.…
Short Summary:
The AhnLab Security Intelligence Center (ASEC) reports a rise in phishing emails impersonating major Korean entertainment agencies. These emails trick recipients into clicking a link that downloads a Python-based Infostealer disguised as a PDF. The malware collects sensitive information and sends it to the threat actor’s Telegram chat room.…
Short Summary:
A joint analysis by AhnLab SEcurity intelligence Center (ASEC) and the National Cyber Security Center (NCSC) has uncovered a zero-day vulnerability in Microsoft Internet Explorer (IE), exploited by the North Korean threat actor TA-RedAnt. The vulnerability allows for a zero-click attack via a toast ad program that uses the vulnerable IE browser engine, leading to potential malware downloads on victims’ systems.…
Short Summary:
AhnLab Security Intelligence Center (ASEC) has identified attacks targeting improperly managed Linux servers, specifically focusing on HiveOS. Attackers exploit weak SSH credentials to gain initial access, allowing them to install backdoors and mine cryptocurrency, particularly Ravencoin.
Key Points:
ASEC monitors attacks on Linux servers using honeypots, particularly targeting SSH services.…