The ASEC analysis team has discovered a word document that is in the same category as the document introduced in the post <Word File Disguised as a Design Modification Request for Information Theft>, uploaded in December last year. The title of the document…

Threat Analysis Group (TAG) observed a financially motivated threat actor we refer to as EXOTIC LILY, exploiting a 0day in Microsoft MSHTML (CVE-2021-40444). Investigating this group's activity, we determined they are an Initial Access Broker (IAB) who appear…

Cyble Research Labs recently came across a ransomware sample allegedly targeting Russia and sending out a message to stop the war.

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from March 7th, 2022 (Monday) to March 13th, 2022 (Sunday). For the main category, info-stealer…

Introduction to MikroTik Vulnerabilities

As war in Ukraine rages, new destructive malware continues to be discovered. In this short blog post, we will review IsaacWiper and CaddyWiper, two new wipers that do not have much in common based on…

In December 2021, we observed an adversary exploiting the Microsoft Exchange ProxyShell vulnerabilities to gain initial access and execute code via multiple web shells. The overlap of activities an…

BitRAT Disguised as Windows Product Key Verification Tool Being Distributed ASEC

Key Findings Proofpoint identified a targeted attack leveraging an open-source package installer Chocolatey to deliver a backdoor. The attack targeted French entities in the construction,

FlawedGrace is a RAT that recognizes incoming commands from a C2 server sent via a binary protocol through port 443.

* BlackCat is a recent and growing ransomware-as-a-service (RaaS) group that targeted several organizations worldwide over the past few months.
* There are rumors of a relationship between BlackCat and the BlackMatter/DarkSide ransomware groups, infamous…

This post is also available in:

日本語 (Japanese)

Українська (Ukrainian)


Overview

Cybersecurity company ESET disclosed another Ukraine-focused wiper dubbed "CaddyWiper" on March 14. This wiper is relatively smaller than previous wiper attacks we've seen…

The ASEC analysis team has recently discovered the distribution of malware disguised as a Windows Help File (*.chm), specifically targeting Korean users. The CHM file is a compiled HTML Help file that is executed via the Microsoft® HTML help executable program.…

Recently, we encountered an interesting phishing webpage that caught our interest because it acts like a chameleon by changing and blending its color based on its environment. In addition, the site adapts its background page and logo depending on user input…

研究人员发现某网络攻击组织利用SSH爆破投放挖矿程序的活动比较活跃。

Перевод сайтов с английского, немецкого, французского, испанского, польского, турецкого и других языков на русский и обратно. Работает в режиме онлайн.

In late 2021, Volexity discovered an intrusion in an environment monitored as part of its Network Security Monitoring service. Volexity detected a system running frp, otherwise known as fast reverse […]

Cyble Research Labs analyzes a Clipper malware variant disguised as an AvD Crypto-stealer, potentially targeting other Threat Actors.

The ASEC analysis team has recently discovered a distribution of ClipBanker disguised as a malware creation tool. ClipBanker is a malware that monitors the clipboard of the infected system. If a string for a coin wallet address is copied, the malware changes…

On March 18th, the ASEC analysis team discovered a document-borne APT attack targeting companies specialized in carbon emissions. According to logs collected from AhnLab’s ASD (AhnLab Smart Defense), the user of the infected PC appears to have downloaded…