AhnLab SEcurity intelligence Center (ASEC) uses honeypots to monitor attacks targeting inappropriately managed Linux servers. One of the representative honeypots is the SSH service that uses weak credentials, which is targeted by a large number of DDoS and coinminer attackers. ASEC has identified cases where Linux servers were attacked| ASEC
ASEC Blog publishes “Mobile Security & Malware Issue 4th Week of September, 2025”| ASEC
ASEC Blog publishes Ransom & Dark Web Issues Week 4, September 2025: Personal information of Spanish politicians and public officials shared on DarkForums. A university application platform in South Korea listed as a new victim by the ransomware group Kill Security. Data from a South Korean shipbuilding company being […]| ASEC
ASEC Blog publishes “Mobile Security & Malware Issue 3rd Week of September, 2025”| ASEC
ASEC Blog publishes Ransom & Dark Web Issues Week 3, September 2025: The emergence of a new ransomware group, BlackShrantac; South Korean asset management firms listed as new victims of the Qilin ransomware group; A South Korean broadcasting and telecom equipment manufacturer listed as a new victim of the […]| ASEC
In June 2025, a new ransomware group known as Kawa4096 emerged, targeting multinational organizations across various sectors, including finance, education, and services. Their attacks have affected companies in multiple countries, notably Japan and the United States. Although there is currently no public information confirming whether they operate as a Ransomware-as-a-Service (RaaS) or collaborate with other threat groups, […]| ASEC
Overview: While Windows shortcut (LNK) files are designed for user convenience, they have long been exploited as initial access vectors by threat actors. Since Microsoft strengthened its macro-blocking policies in 2022, attackers have increasingly turned to alternative formats such as ISO, RAR, and LNK files in their attacks. LNK files are commonly distributed via email […]| ASEC
BlackLock is a relatively new ransomware group that is believed to have been established around March 2024. Their existence was publicly revealed in June 2024 when the Dedicated Leak Site (DLS) was identified. At that time, information on multiple affected companies had already been posted, suggesting that the gang had been active in secret for […]| ASEC
This report provides the statistics and major ransomware-related issues in Korea and worldwide, as well as the number of affected systems and ransomware cases based on Dedicated Leak Sites (DLS) over the course of August 2025. Below is a summary of the report. Disclaimer: The number of ransomware samples and damaged systems is based […]| ASEC
August 2025 APT Attack Trends Report (South Korea) ASEC| ASEC
August 2025 Trends Report on Phishing Emails ASEC| ASEC
Malicious LNK Disguised as Credit Card Security Email Authentication Pop-up ASEC| ASEC
RokRAT Malware Using Malicious Hangul (.HWP) Documents ASEC| ASEC
June 2025 Trends Report on Phishing Emails ASEC| ASEC
New Variant of ACRStealer Actively Distributed with Modifications ASEC| ASEC
AhnLab SEcurity intelligence Center (ASEC) has confirmed that Infostealer malware disguised as a document containing legal responsibilities and copyright infringement facts is continuously being distributed in Korea. It is mainly distributed through links in email attachments, and the email instructs the recipients to download the evidence related to the copyright| ASEC
ASEC Blog publishes “Mobile Security & Malware Issue 2nd Week of September, 2025”| ASEC
This report comprehensively covers actual cyber threats and security issues related to financial companies in South Korea and abroad. This article includes an analysis of malware and phishing cases distributed to the financial sector, the top 10 malware strains targeting the financial sector, and the industry statistics of leaked Korean accounts on Telegram. A detailed […]| ASEC
ASEC Blog publishes Ransom & Dark Web Issues Week 2, September 2025: Financial Institution Data from Poland and Central Europe Listed for Sale on DarkForums; Gunra Ransomware Targets Korean Manufacturer; Emergence of Four New Ransomware Groups: Obscura, Yurei, The Gentlemen, Radar| ASEC
Trends of APT Groups by Region. 1) North Korea: North Korea-linked APT groups have been intensively launching advanced cyber attacks targeting the areas of diplomacy, finance, technology, media, and policy research in South Korea. They have been highly active in their sophisticated spear-phishing campaigns employing various malware strains, social engineering techniques, and cloud-based […]| ASEC
BlackNevas has been continuously launching ransomware attacks against companies in various industries and countries, including South Korea. This post provides a technical analysis on the characteristics, encryption methods, and reasons why BlackNevas encrypts files in a way that makes them impossible to decrypt. It is hoped that this post will provide insights for defending against […]| ASEC
The CyberVolk ransomware, which first emerged in May 2024, has been launching attacks on public institutions and key infrastructures of various countries, posing a continuous threat. The ransomware is particularly notable for its pro-Russia nature, as it primarily targets anti-Russian countries, making it a geopolitically significant cyber threat. This post provides a technical analysis of […]| ASEC
ASEC Blog publishes “Mobile Security & Malware Issue 1st Week of September, 2025”| ASEC
ASEC Blog publishes Ransom & Dark Web Issues Week 1, Sep. 2025: Japan-Based Automotive Company Listed as a New Victim of Ransomware Group Black Nevas; Emergence of New Ransomware Groups: Desolator and LunaLock; Korean Electronics Parts Manufacturer Targeted by Ransomware Group Gunra| ASEC
DireWolf Ransomware Group: The DireWolf ransomware group made their first appearance in May 2025. On May 26 of the same month, they disclosed their first 6 victims on a darknet leak site, marking the beginning of their full-fledged activities. The group stated that their only goal is money and contacts their victims through the Tox […]| ASEC
ASEC Blog publishes “Mobile Security & Malware Issue 4th Week of August, 2025”| ASEC
ASEC Blog publishes Ransom & Dark Web Issues Week 4, August 2025: Qilin Targets Japanese Automotive Design Firm in Ransomware Attack; Attempt to Sell South Korean Local Government Data on DarkForums Raises Credibility Concerns; Emerging Ransomware Group Cephalus Hits at Least 9 Organizations, Reveals Victims via DLS| ASEC
NightSpire operates a DLS (Dedicated Leak Site) and posts a countdown timer for the public release of information and data about victims. The group is known for using highly threatening language for their cyber extortion. This post describes the analysis and characteristics of NightSpire ransomware. 1. Overview 1.1. NightSpire Threat Group Figure […]| ASEC
Interlock ransomware group launches continuous ransomware attacks against companies from various countries and industries. This post describes the analysis and characteristics of Interlock ransomware. 1. Overview 1.1 Interlock Profiles: Interlock ransomware group first emerged at the end of September 2024, and has been continuously attacking various businesses and critical infrastructures in North America and Europe. Like […]| ASEC
Zip Slip, Path Traversal Vulnerability during File Decompression ASEC| ASEC
DigitalPulse Proxyware Being Distributed Through Ad Pages ASEC| ASEC
ASEC Blog publishes “Mobile Security & Malware Issue 3rd Week of August, 2025”| ASEC
The Underground ransomware gang is launching continuous ransomware attacks against companies in various countries and industries, including South Korea. This post describes the analysis and characteristics of the Underground ransomware. 1. Overview 1.1 Team Underground: The ransomware strain operated by the group known as Underground was first identified in early July 2023. Afterward, their […]| ASEC
Trends of Key APT Groups by Region. 1) North Korea: North Korea’s APT group actively utilized the ClickFix technique and performed the DLL side-loading technique through OLE objects inserted in Hangul (HWP) documents. Kimsuky: The Kimsuky group utilized the ClickFix tactic to launch a multi-stage spear phishing attack targeting diplomats […]| ASEC
AhnLab SEcurity intelligence Center (ASEC) has covered cases where Proxyware malware is distributed by sites posing as YouTube video download pages. Although the attack methods and malware installed are similar, the same attacker continues to distribute the malware, leading to the infection of numerous systems. The following blog posts detail the latest attack cases: […]| ASEC
ASEC Blog publishes Ransom & Dark Web Issues Week 3, August 2025: WARLOCK launched a ransomware attack targeting a telecommunications provider in France. The pro-Israeli hacktivist group “313 Team” claims to have conducted DDoS attacks against nine institutions in Saudi Arabia. Qilin carried out ransomware attacks targeting financial and […]| ASEC
July 2025 APT Attack Trends Report (South Korea) ASEC| ASEC
July 2025 Threat Trend Report on Ransomware ASEC| ASEC
July 2025 Trend Report on Phishing Emails ASEC| ASEC
Distribution of SmartLoader Malware via Github Repository Disguised as a Legitimate Project ASEC| ASEC
July 2025 Security Issues in Korean & Global Financial Sector ASEC| ASEC
Proxyware Malware Being Distributed on YouTube Video Download Site ASEC| ASEC
Redline Stealer Targeting Accounts Saved to Web Browser with Automatic Login Feature Included ASEC| ASEC
June 2025 APT Attack Trends Report (South Korea) ASEC| ASEC
Ransom & Dark Web Issues Week 2, July 2025 ASEC| ASEC
June 2025 Trend Report on the Deep Web & Dark Web ASEC| ASEC
June 2025 Security Issues in Korean & Global Financial Sector ASEC| ASEC
CoinMiner Attacks Exploiting GeoServer Vulnerability ASEC| ASEC
Statistics Report on Malware Targeting Windows Database Servers in Q2 2025 ASEC| ASEC
Statistical Report on Malware Targeting Windows Web Servers in Q2 2025 ASEC| ASEC
AhnLab SEcurity intelligence Center (ASEC) collects information on malware distributed through phishing emails by using its own “email honeypot system.” Based on this information, ASEC publishes the “Phishing Email Trend Report” and “Infostealer Trend Report” on the ASEC Blog every month. Recently, XwormRAT has been confirmed to be distributed using steganography. This malware starts […]| ASEC
Ransom & Dark Web Issues Week 1, July 2025 ASEC| ASEC
Analysis of Attacks Targeting Linux SSH Servers for Proxy Installation ASEC| ASEC
Infostealer Disguised as Copyright Infringement Document Distributed in Korea ASEC| ASEC
May 2025 Threat Trend Report on Ransomware ASEC| ASEC
Ransom & Dark Web Issues Week 2, June 2025 ASEC| ASEC
May 2025 Trends Report on Phishing Emails ASEC| ASEC
May 2025 Security Issues in Korean & Global Financial Sector ASEC| ASEC
May 2025 Deep Web and Dark Web Trends Report ASEC| ASEC
The AhnLab SEcurity intelligence Center (ASEC) recently discovered ransomware being distributed disguised as a password cracker tool. Such tools are typically used in brute force attacks. Brute force attacks involve trying every possible combination to find the correct password. Attackers repeatedly attempt to breach a system’s authentication procedure to steal passwords. This method is particularly […]| ASEC
Ransom & Dark Web Issues Week 3, May 2025 ASEC| ASEC