AhnLab’s ASEC quarterly report highlights targeted abuse of centralized management software in Korean enterprise and institutional environments, where attackers used management servers or vulnerable client agents to distribute malware at scale. The report…
« 2018 »
171 reports
McAfee analyzed Android spyware delivery against North Korean defectors, journalists, and groups assisting defectors, with attackers using KakaoTalk, Facebook, email, and Google-shortened links to push malicious APKs. The droppers posed as apps such as “P…
A Korean malware analysis of three AlienVault-published samples links a Monero cryptocurrency miner to suspected North Korea-related activity, noting the broader context of Lazarus shifting toward financial targets. The samples appear to be successive bui…
AlienVault analyzed a Christmas Eve 2017 Windows installer that deployed software likely to be xmrig for Monero mining. The installer copied intelservice.exe and updater.exe into C:\Windows\Sys64, launched a randomly named executable from C:\SoftwaresInst…
ESRC analyzed a malicious HWP document disguised as analysis of North Korea’s 2018 New Year address and assessed it as part of an ongoing spear-phishing pattern against Korean targets. The document embeds an Encapsulated PostScript component that runs she…
Group-IB's Hi-Tech Crime Trends 2018 report places Lazarus among state-backed groups capable of sabotage and financially motivated attacks against banks. The excerpt notes that bank availability and disruption tooling are priorities for attackers and name…