Tag: south korea

12 Attack Reports | 0 Vulnerabilities

Attack reports

Lazarus APT updates its toolset in watering hole attacks

The Lazarus group has launched a sophisticated attack campaign dubbed 'Operation SyncHole' targeting South Korean organizations. The operation combines watering hole attacks with exploitation of vulnerabilities in South Korean software. At least six organizations in the software, IT, financial, sem…
apt
supply chain
south korea
vulnerability exploitation
watering hole
2025-04-24
copperhedge
signbt
threatneedle
agamemnon downloader
wagent
Published: April 24, 2025
Downloadable IOCs: 0

APT Group Profiles - Larva-24005

A new operation named Larva-24005, linked to the Kimsuky group, has been discovered by ASEC. The threat actors exploited RDP vulnerabilities to infiltrate systems, installing MySpy malware and RDPWrap for continuous remote access. They also deployed keyloggers to record user inputs. The group has b…
apt
phishing
kimsuky
south korea
CVE-2017-11882
keylogger
CVE-2019-0708
japan
2025-04-22
randomquery
rdp exploitation
bluekeep
myspy
kimalogger
Published: April 22, 2025
Downloadable IOCs: 0

Detailed Analysis of DocSwap Malware Disguised as Security Document Viewer

A new malware called DocSwap, disguised as a document viewing authentication app, was discovered targeting South Korean mobile users. The malware, linked to a North Korean APT group, performs keylogging and information theft through accessibility services. It decrypts an obfuscated APK file, execut…
apt
north korea
south korea
2025-04-12
dpkr
docswap
accessibility services
Published: April 12, 2025
Downloadable IOCs: 0

March 2025 APT Group Trends (South Korea)

This intelligence report analyzes Advanced Persistent Threat (APT) attacks in South Korea during March 2025. The majority of attacks were classified as spear phishing, with LNK file distribution being the most prevalent method. Two types of LNK-based attacks were identified: Type A, which uses a CA…
obfuscation
apt
python
powershell
south korea
pebbledash
lnk files
spear phishing
2025-04-10
nukesped
task scheduler
cab files
Published: April 10, 2025
Downloadable IOCs: 0

APT Targets South Korea with Deceptive PDF Lures

The Kimsuky APT group, also known as Black Banshee, has been actively targeting South Korean government entities using evolving tactics. Two distinct campaigns were uncovered, both utilizing government-themed PDF documents as lures. The infection chain begins with a phishing email containing a mali…
obfuscation
apt
phishing
south korea
keylogging
lnk file
data exfiltration
cryptocurrency theft
snakekeylogger
2025-04-04
vba script
Published: April 4, 2025
Downloadable IOCs: 0

South Korean Organizations Targeted by Cobalt Strike 'Cat' Delivered by a Rust Beacon

An exposed web server containing tools for an intrusion campaign targeting South Korean organizations was identified. The server hosted a Rust-compiled Windows executable delivering Cobalt Strike Cat, along with SQLMap, Web-SurvivalScan, and dirsearch. The threat actor used these tools to identify …
sql injection
south korea
reconnaissance
2025-03-18
rust beacon
cobalt strike cat
marte
mingw
open directory
marte shellcode
Published: March 18, 2025
Downloadable IOCs: 9

Supply chain of Korean VPN service compromised

ESET researchers have uncovered a supply-chain attack against a South Korean VPN provider by a previously unknown China-aligned APT group named PlushDaemon. The attackers replaced the legitimate VPN installer with a malicious version that deployed their SlowStepper backdoor, a feature-rich implant …
backdoor
supply-chain
apt
espionage
china
south korea
vpn
2025-01-22
slowstepper
Published: January 22, 2025
Downloadable IOCs: 0

December 2024 Threat Trend Report on APT Attacks (South Korea)

This intelligence report analyzes Advanced Persistent Threat (APT) attacks targeting South Korea in December 2024. The primary method of attack was spear phishing, with a focus on distributing LNK files. Two main types of attacks were identified: Type A, which uses compressed CAB files containing m…
apt
rat
rokrat
south korea
xenorat
spear-phishing
lnk files
2025-01-09
decoy documents
Published: January 9, 2025
Downloadable IOCs: 3

Analysis of Attack Cases Against Korean Solutions by the Andariel Group (SmallTiger)

The Andariel group has been targeting various South Korean software solutions, particularly asset management and document management systems. Recent attacks involve the installation of SmallTiger malware, often through exploiting vulnerabilities in outdated software versions. In asset management so…
south korea
rdp
smalltiger
keylogger
web shell
2024-12-31
modeloader
document management
asset management
Published: December 31, 2024
Downloadable IOCs: 5

New Android Spyware Campaign Targets South Koreans via AWS

A sophisticated Android spyware campaign targeting South Koreans has been uncovered by Cyble Research and Intelligence Labs. Active since June 2024, the malware exploits an Amazon AWS S3 bucket as its Command and Control server to exfiltrate sensitive personal data including SMS messages, contacts,…
android
spyware
south korea
cloud security
data exfiltration
aws
mobile malware
2024-10-01
stealth techniques
Published: October 1, 2024
Linked vulnerabilities : CVE-2024-21887, CVE-2023-46805, CVE-2021-44228, CVE-2017-11882, CVE-2024-21893
Downloadable IOCs: 7

Private HTS Program Continuously Used in Attacks

This report outlines a continuous campaign where a threat actor distributes malware, including Quasar RAT, through a private home trading system (HTS) named HPlus. The malware is initially delivered via an MSI installer, and users who request remote assistance inadvertently execute the AnyDesk soft…
south korea
quasar rat
2024-07-17
Published: July 17, 2024
Downloadable IOCs: 1

SecretCalls: A Formidable App of Notorious Korean Financial Fraudster

Voice phishing groups in South Korea build phishing pages and apps like SecretCalls to trick victims into installing malware and accessing phishing sites for financial fraud. Detailed analysis of SecretCalls Loader reveals anti-analysis techniques like DEX encryption, emulator detection, and instal…
android
2024-05-03
south korea
financial fraud
secretcalls
voice phishing
Published: May 3, 2024
Downloadable IOCs: 23
Click here to see more Attack Reports