Tag: 2024-06-17

Security researchers at ASEC have discovered that a threat actor is using high-performance bots to turn compromised systems into their central server (C2) servers, using tools such as the Cloudflare tunneling client.

This intelligence report details a unique social engineering technique observed by Proofpoint researchers, leveraging users to copy and paste malicious PowerShell scripts to infect their computers. The threat actors TA571 and ClearFake activity cluster employ this method to deliver malware like Dar…

This analysis examines an attack where a threat actor compromised a Korean company's ERP server, initially accessing it through a poorly secured MS-SQL service. The actor installed a web shell, stole credentials, and ultimately set up SoftEther VPN on the server, likely to use it as part of a comma…