July 4, 2024 at 08:33AM Hackers are targeting older versions of Rejetto’s HTTP File Server (HFS) with malware and cryptocurrency mining. They exploit CVE-2024-23692 to execute commands without authentication. Vulnerable versions include up to 2.3m, categorized as “dangerous” by Rejetto. Attackers gather system information, install backdoors, and deploy various malware, including XMRig for cryptocurrency mining. … Read more
July 2, 2024 at 01:41AM A South Korean ERP vendor’s product update server was breached, resulting in the delivery of malware instead of legitimate updates. The attack, potentially linked to the North Korea-associated Andariel group, targeted ERP systems with backdoors named HotCroissant and Riffdoor. This incident, detected by AhnLab, highlights the threat posed by such … Read more
June 3, 2024 at 04:36AM Andariel, a North Korea-linked threat actor, has been using a new Golang-based backdoor called Dora RAT in cyber attacks targeting South Korean educational institutes, manufacturing firms, and construction businesses. The attacks involve the use of multiple malware strains, a vulnerable Apache Tomcat server, and known security vulnerabilities in software. Andariel … Read more
April 5, 2024 at 06:33AM Bogus Adobe Acrobat Reader installers are distributing a new multi-functional malware called Byakugan. The attack begins with a PDF file in Portuguese prompting the victim to download the Reader application. Clicking the link leads to the installation of the malware, which leverages various techniques to deploy its payload and gather … Read more
March 5, 2024 at 03:28PM The ‘WogRAT’ malware targets Windows and Linux, utilizing the ‘aNotepad’ platform to store and retrieve malicious code. Named by AhnLab Security Intelligence Center (ASEC), it has been active since late 2022, targeting Asian countries. The malware employs covert distribution methods to avoid detection, using an online, legitimate service for stealthier … Read more
January 26, 2024 at 05:48AM Chinese-speaking users have been targeted with malicious Google ads for restricted messaging apps like Telegram in an ongoing malvertising campaign. The threat actor abuses Google advertiser accounts to direct users to pages where they unknowingly download Remote Administration Trojans. Additionally, phishing-as-a-service platform “Greatness” is being used to create legitimate-looking credential … Read more
January 16, 2024 at 08:33AM The Remcos RAT, disguised as adult-themed games, is being distributed in South Korea through webhards. This sophisticated remote access trojan allows threat actors to unauthorizedly control and surveil compromised hosts, exfiltrating sensitive information. Originally marketed as a remote administration tool, it has evolved into a potent weapon for infiltrating systems … Read more
December 29, 2023 at 04:36AM North Korean state actors are using spear-phishing attacks to distribute various malware and backdoors to infiltrate compromised systems. An advanced persistent threat group known as Kimsuky is responsible for the malicious activity, with a focus on targeting entities in South Korea and expanding globally. The group has been sanctioned by … Read more
November 14, 2023 at 11:39AM Researchers from AhnLab Security Emergency Response Center have warned that attackers are targeting MySQL servers and Docker hosts to infect them with malware capable of launching distributed denial-of-service (DDoS) attacks. The malware, known as Ddostf, is a DDoS-capable botnet of Chinese origin. Attackers scan for vulnerable MySQL servers and upload … Read more