Malware | ASEC
Darkweb | ASEC
This report provides statistics, trends, and case information on the distribution of Infostealer malware, including the distribution volume, methods, and disguises, based on the data collected and analyzed in May 2025. The following is a summary of the report. 1) Data Source and Collection Method AhnLab SEcurity intelligence| ASEC
This report comprehensively covers actual cyber threats and security issues that have occurred in financial institutions in Korea and abroad. This includes an analysis of malware and phishing cases distributed to the financial sector, the top 10 malware strains targeting the financial sector, and industry statistics of leaked Korean accounts| ASEC
AhnLab SEcurity intelligence Center (ASEC) has covered cases where Proxyware malware is distributed by sites posing as YouTube video download pages. Although the attack methods and malware installed are similar, the same attacker continues to distribute the malware, leading to the infection of numerous systems. The following blog posts detail| ASEC
AhnLab SEcurity intelligence Center (ASEC) monitors attacks targeting poorly managed MS-SQL servers and recently confirmed a case involving the use of XiebroC2. XiebroC2 is a C2 framework with open-source code that supports various features such as information collection, remote control, and defense evasion, similar to CobaltStrike. [1] Figure 1. XiebroC2’s| ASEC
Trend | ASEC
ASEC Blog publishes Ransom & Dark Web Issues Week 3, October 2025 New ransomware groups Kyber, Nasir Security, Kryptos, Tengu, and VFVCT (V For Vendetta Cyber Team) have emerged. Data from a South Korean website-building platform is being sold on the cybercrime forum DarkForums. The ransomware group Qilin has […]| ASEC
AhnLab SEcurity intelligence Center (ASEC) is using a honeypot to respond to and categorize brute-force and dictionary attacks that target poorly managed Linux SSH servers. This post covers the status of the attack sources identified in logs from the third quarter of 2025 and the statistics of attacks performed by these sources. It also classifies […]| ASEC
AhnLab SEcurity intelligence Center (ASEC) utilizes the AhnLab Smart Defense (ASD) to categorize and respond to attacks targeting Windows-based MS-SQL and MySQL servers. This report will cover the current state of damage to MS-SQL and MySQL servers that became attack targets based on the logs discovered in the third quarter of 2025, and also discuss […]| ASEC
ASEC Blog publishes “Mobile Security & Malware Issue 2nd Week of October, 2025”| ASEC
This report covers the seven posts on the breach analysis of APT Down, which were published in “Threat Notes” of AhnLab TIP after the release of the “APT Down: the North Korea Files” report, along with additional analysis. Post on Aug 12, 2025, “APT DOWN – Analysis of Korean Organization Breach Status” Post on […]| ASEC
ASEC Blog publishes “Mobile Security & Malware Issue 1st Week of October, 2025”| ASEC
XiebroC2 Identified in MS-SQL Server Attack Cases ASEC| ASEC
Analysis on the Qilin Ransomware Using Selective Encryption Algorithm ASEC| ASEC
Ransom & Dark Web Issues Week 1, October 2025 ASEC| ASEC
Atomic Stealer Malware Disguised as Crack Program (macOS) ASEC| ASEC
ViperSoftX Malware Distributed by Arabic-Speaking Threat Actor ASEC| ASEC
LummaC2 Malware Distributed Disguised as Total Commander Crack ASEC| ASEC
ACRStealer Infostealer Exploiting Google Docs as C2 ASEC| ASEC
Distribution of LummaC2 Infostealer Based on Legitimate Programs ASEC| ASEC
New InnoSetup Malware Created Upon Each Download Attempt ASEC| ASEC
The AhnLab SEcurity intelligence Center (ASEC) recently discovered ransomware being distributed disguised as a password cracker tool. Such tools are typically used in brute force attacks. Brute force attacks involve trying every possible combination to find the correct password. Attackers repeatedly attempt to breach a system’s authentication procedure to steal| ASEC
AhnLab SEcurity intelligence Center (ASEC) monitors attacks targeting Linux servers that are inappropriately managed using honeypots. One of the representative honeypots is the SSH service that uses weak credentials, which is targeted by a large number of DDoS and coinminer attackers. ASEC has identified cases where Linux servers were attacked| ASEC
Security Advisory | ASEC
ASEC Blog publishes “Mobile Security & Malware Issue 4th Week of September, 2025”| ASEC
ASEC Blog publishes Ransom & Dark Web Issues Week 4, September 2025 Personal information of Spanish politicians and public officials shared on DarkForums. A university application platform in South Korea listed as a new victim by the ransomware group Kill Security. Data from a South Korean shipbuilding company being […]| ASEC
ASEC Blog publishes “Mobile Security & Malware Issue 3rd Week of September, 2025”| ASEC
ASEC Blog publishes Ransom & Dark Web Issues Week 3, September 2025 The emergence of a new ransomware group, BlackShrantac South Korean asset management firms listed as new victims of the Qilin ransomware group A South Korean broadcasting and telecom equipment manufacturer listed as a new victim of the […]| ASEC
In June 2025, a new ransomware group known as Kawa4096 emerged, targeting multinational organizations across various sectors, including finance, education, and services. Their attacks have affected companies in multiple countries, notably Japan and the United States. Although there is currently no public information confirming whether they operate as a Ransomware-as-a-Service (RaaS) or collaborate with other threat groups, […]| ASEC
Overview While Windows shortcut (LNK) files are designed for user convenience, they have long been exploited as initial access vectors by threat actors. Since Microsoft strengthened its macro-blocking policies in 2022, attackers have increasingly turned to alternative formats such as ISO, RAR, and LNK files in their attacks. LNK files are commonly distributed via email […]| ASEC
BlackLock is a relatively new ransomware group that is believed to have been established around March 2024. Their existence was publicly revealed in June 2024 when the Dedicated Leak Site (DLS) was identified. At that time, information on multiple affected companies had already been posted, suggesting that the gang had been active in secret for […]| ASEC
This report provides the statistics and major ransomware-related issues in Korea and worldwide, as well as the number of affected systems and ransomware cases based on Dedicated Leak Sites (DLS) over the course of August 2025. Below is a summary of the report. Disclaimer: The number of ransomware samples and damaged systems is based […]| ASEC
August 2025 APT Attack Trends Report (South Korea) ASEC| ASEC
August 2025 Trends Report on Phishing Emails ASEC| ASEC
Malicious LNK Disguised as Credit Card Security Email Authentication Pop-up ASEC| ASEC
RokRAT Malware Using Malicious Hangul (.HWP) Documents ASEC| ASEC
June 2025 Trends Report on Phishing Emails ASEC| ASEC
New Variant of ACRStealer Actively Distributed with Modifications ASEC| ASEC
APT | ASEC
ASEC Blog publishes “Mobile Security & Malware Issue 2nd Week of September, 2025”| ASEC
This report comprehensively covers actual cyber threats and security issues related to financial companies in South Korea and abroad. This article includes an analysis of malware and phishing cases distributed to the financial sector, the top 10 malware strains targeting the financial sector, and the industry statistics of leaked Korean accounts on Telegram. A detailed […]| ASEC
ASEC Blog publishes Ransom & Dark Web Issues Week 2, September 2025 Financial Institution Data from Poland and Central Europe Listed for Sale on DarkForums Gunra Ransomware Targets Korean Manufacturer Emergence of Four New Ransomware Groups: Obscura, Yurei, The Gentlemen, Radar| ASEC
Trends of APT Groups by Region 1) North Korea North Korea-linked APT groups have been intensively launching advanced cyber attacks targeting the areas of diplomacy, finance, technology, media, and policy research in South Korea. They have been highly active in their sophisticated spear-phishing campaigns employing various malware strains, social engineering techniques, and cloud-based […]| ASEC
BlackNevas has been continuously launching ransomware attacks against companies in various industries and countries, including South Korea. This post provides a technical analysis on the characteristics, encryption methods, and reasons why BlackNevas encrypts files in a way that makes them impossible to decrypt. It is hoped that this post will provide insights for defending against […]| ASEC
The CyberVolk ransomware, which first emerged in May 2024, has been launching attacks on public institutions and key infrastructures of various countries, posing a continuous threat. The ransomware is particularly notable for its pro-Russia nature, as it primarily targets anti-Russian countries, making it a geopolitically significant cyber threat. This post provides a technical analysis of […]| ASEC
ASEC Blog publishes “Mobile Security & Malware Issue 1st Week of September, 2025”| ASEC
ASEC Blog publishes Ransom & Dark Web Issues Week 1, Sep. 2025 Japan-Based Automotive Company Listed as a New Victim of Ransomware Group Black Nevas Emergence of New Ransomware Groups: Desolator and LunaLock Korean Electronics Parts Manufacturer Targeted by Ransomware Group Gunra| ASEC
DireWolf Ransomware Group The DireWolf ransomware group made their first appearance in May 2025. On May 26 of the same month, they disclosed their first 6 victims on a darknet leak site, marking the beginning of their full-fledged activities. The group stated that their only goal is money and contacts their victims through the Tox […]| ASEC
ASEC Blog publishes “Mobile Security & Malware Issue 4th Week of August, 2025”| ASEC
Ransom & Dark Web Issues Week 4, August 2025 ASEC| ASEC
Warning About NightSpire Ransomware Following Cases of Damage in South Korea ASEC| ASEC
Zip Slip, Path Traversal Vulnerability during File Decompression ASEC| ASEC
DigitalPulse Proxyware Being Distributed Through Ad Pages ASEC| ASEC
Proxyware Malware Being Distributed on YouTube Video Download Site - 2 ASEC| ASEC
Ransom & Dark Web Issues Week 3, August 2025 ASEC| ASEC
July 2025 APT Attack Trends Report (South Korea) ASEC| ASEC
July 2025 Threat Trend Report on Ransomware ASEC| ASEC
July 2025 Trend Report on Phishing Emails ASEC| ASEC
Distribution of SmartLoader Malware via Github Repository Disguised as a Legitimate Project ASEC| ASEC