AhnLab Security Center


Find the latest threat intelligence direct from AhnLab’s security experts

  • March 2023 Deep Web & Dark Web Threat Trend Report

    This trend report details the types of ransomware distributed via the deep web and dark web in March of this year, as well as the threat actors involved.

    Apr 7, 2023
    #DeepWeb #DarkWeb #ThreatActor
  • March 2023 Threat Trend Report on Kimsuky Group

    This analysis report uses statistical data to detail how the activities of the Kimsuky group have changed in comparison to February of this year.

    Apr 7, 2023
    #Kimsuky #Malware #attack
  • Threat Trend Report on Ransomware - March 2023

    This report provides statistics on the number of newly collected ransomware samples and affected systems during the month of March 2023.

    Apr 6, 2023
    #Ransomware #CyberAttack #Compromise
  • CVE Trend Report - March 2023 Vulnerability Statistics and Major Issues

    This trend report provides statistics on the trends and patterns of the top 10 most mentioned CVE vulnerabilities.

    Apr 6, 2023
    #CVE #Vulnerabilities #Threats
  • Shadow Force Group's Viticdoor and CoinMiner

    This analysis report details the overall attack pattern for Shadow Force Group from 2020 to 2022.

    Mar 27, 2023
    #ShadowForce #Malware #Attack
  • February 2023 Threat Trend Report on Kimsuky Group

    This analysis report uses statistical data to show significant changes in the threat activities of the Kimsuky group compared to January.

    Mar 29, 2023
    #Kimsuky #Malware #attack
  • January 2023 Threat Trend Report on Kimsuky Group

    This report analyzes threat activities of Kimsuky group in 2023, focusing on 3 types of malware.

    Mar 16, 2023
    #Kimsuky #Malware #Attack
  • 2022 Threat Trend Report on Kimsuky Group

    This report analyzes threat activities of Kimsuky group, particularly those utilizing FlowerPower and AppleSeed malware.

    Feb 27, 2023
    #Kimsuky #FlowerPower #AppleSeed
  • CHM Malware Disguised as North Korea-related Questionnaire (Kimsuky)

    This analysis report will discuss the distribution of CHM malware assumed to have been created by North Korean threat actor Kimsuky group.

    Mar 13, 2023
    #Kimsuky #CHM #Malware
  • PlugX Malware Being Distributed via Vulnerability Exploitation

    This analysis report reviews the installation of PlugX malware through Sunlogin and Awesun's remote code execution vulnerability.

    Mar 9, 2023
    #PlugX #Malware #Vulnerability
  • Anti-Forensic Techniques Used By Lazarus Group

    This analysis report aims to share the anti-forensic traces and details found in the systems that were infiltrated by the Lazarus group.

    Feb 23, 2023
    #Lazarus #ThreatActor #Anti-Forensic
  • Threat Trend Report on Region-Specific Ransomware

    This report investigates ransomware trends according to region and examines the different attack methods.

    Feb 14, 2023
    #Ransomware #Regional #Attacks
  • Dalbit (m00nlight): Chinese Hacker Group’s APT Attack Campaign

    This report will discuss the Dalbit (m00nlight) APT attack campaign conducted by Chinese hackers, including the main methods used.

    February 23, 2023
    #Dalbit #m00nlight #APT
  • Analysis Report on Malware Distributed via Microsoft OneNote

    This report analyzes malware distributed via Microsoft OneNote, which is a rapidly increasing trend.

    Jan 30, 2023
    #Malware #OneNote #RLTO
  • Distribution of NetSupport RAT Malware Disguised as a Pokemon Game

    This report investigates NetSupport RAT malware being distributed from a phishing page for a Pokemon card game.

    Jan 6, 2023
    #NetSupport #RAT #Malware
  • Shc Linux Malware Installing CoinMiner

    This report examines Linux malware developed with Shc that has been installing a CoinMiner.

    Jan 4, 2023
    #Linux #Shc #CoinMiner
  • 2022 Threat Recap and 2023 Predictions

    In this article, AhnLab looks back at the Top 10 Cyber Threat Trends of 2022 and predicts upcoming trends for 2023.

    Dec 15, 2022
    #Threat #Trends #Attacks
  • The Major Ransomware Trends over the Last Two Years

    This article covers ransomware trends over the last two years, including notable characteristics of major ransomware groups.

    Dec 6, 2022
    #Ransomware #Trends #Attacks
  • Analysis Report on CVE-2022-26923 Vulnerability

    This report examines the vulnerabilities of Active Directory Domain Services and methods to mitigate them.

    Oct 20, 2022
    #ActiveDirectory #Vulnerability #Domain
  • Analysis Report on Lazarus Group’s Rootkit Attack Using BYOVD

    This report analyzes Lazarus Group’s Rootkit attack method using BYOVD performed on vulnerable driver modules.

    Sep 22, 2022
    #Lazarus #Rootkit #BYOVD
  • Why Hackers Love Automatic Logins

    This article will discuss the principles behind Infostealer exploiting automatic login features and share ways to minimize damage.

    Sep 5, 2022
    #Infostealer #Hackers #AutomaticLogin
  • Analysis Report on CVE-2022-26134 Vulnerability

    This report analyzes vulnerable Atlassian Confluence servers that can result in OGNL injection attacks.

    Aug 11, 2022
    #Atlassian #OGNL #Injection
  • Threat Trend Report on LuoYu Group

    This report examines LuoYu Group's attack methods and major malware utilized by the group, including WinDealer.

    Aug 10, 2022
    #LuoYu #WinDealer #Malware
  • Analysis Report on Follina (CVE-2022-30190) Vulnerability

    This report will analyze the Follina zero-day vulnerability exploited through the Microsoft Support Diagnostic Tool (MSDT).

    Jun 27, 2022
    #Follina #Vulnerability #MSDT
  • Are Dark Web and Deep Web Hotbed of Hackers?

    This article analyzes recent trends of Dark Web and Deep Web, based on ransomware, black markets, and hacking groups.

    Jun 7, 2022
    #DarkWeb #DeepWeb #Hacking
  • Threat Trend Report on Conti Ransomware

    This analysis report presents cases of Conti Ransomware attacks, major tools used, and related issues in detail.

    May 18, 2022
    #Conti #Ransomware #Attacks
  • Threat Trend Report on Operation Triple Tiang

    This report introduces Operation Triple Tiang, a cyber attack mission targeting South Korean fields of politics and foreign affairs.

    Mar 31, 2022
    #Operation #TripleTiang #Attacks
  • Threat Trend Report on Kimsuky Group’s 2021 Activities

    This analysis report examines the malicious activities of Kimsuky Group during the year 2021, including detailed cases and targets.

    Jan 28, 2022
    #Kimsuky #2021 #Attacks
  • Analysis Report on Kimsuky Group’s APT Attacks (AppleSeed, PebbleDash)

    This analysis report focuses on types of malware recently utilized by the Kimsuky group, including AppleSeed and PebbleDash.

    Jan 5, 2022
    #Kimsuky #AppleSeed #PebbleDash
  • 2022 Cybersecurity Threat Outlook: What to Watch Out for

    This article takes a closer look at the top 5 cybersecurity threats in 2022 and shares security issues to watch out for in the new year.

    Jan 4, 2022
    #2022 #Threats #Trends
  • Analysis Report on Apache Log4Shell (CVE-2021-44228) Vulnerability

    This report details the Log4Shell vulnerability executed in the Apache Log4j 2 library.

    Dec 13, 2021
    #Log4Shell #Apache #Log4j2
  • BlackMatter Ransomware: Descendant of DarkSide?

    This article will analyze the characteristics, damage, and attack process of BlackMatter ransomware.

    Nov 2, 2021
    #BlackMatter #Ransomware #DarkSide
  • Threat Trend Report on Mustang Panda

    This report describes the malicious activities of the APT Group Mustang Panda and its attack methods.

    Aug 20, 2021
    #MustangPanda #APT #Attacks
  • Threat Trend Report on TeamTNT Group

    TeamTnT is a threat actor continuously attacking cloud environments since 2020. This report introduces the group's tactics and procedures.

    Jul 29, 2021
    #TeamTnT #Cloud #ThreatActor
  • 2020 Threat Review and 2021 Predictions

    This report will review the significant security threats of 2020 and share predictions for 2021 based on the relevant data analysis.

    Jan 7, 2021
    #2021 #Threats #Analysis
  • Five Malicious Sextortion Apps

    This analysis report will examine the top five malicious applications being used for sextortion scams.

    Jul 6, 2020
    #Sextortion #Applications #Scams
  • Operation Shadow Force

    This analysis report will examine Operation Shadow Force that had been hidden behind legitimate certificates for the last seven years.

    Apr 7, 2020
    #Operation #ShadowForce #Attacks
  • The Evolution of Magniber Ransomware

    This analysis report will examine the recent malicious activities of Magniber from changes in exploited vulnerability to shellcode.

    Mar 2, 2020
    #Magniber #Vulnerability #Shellcode
  • Sour Lemon Duck: PowerShell Malware Exploiting SMB Vulnerability

    This analysis report presents the kill-chain, primary functions, and internal proliferation methods of Lemon Duck in full detail.

    Dec 19, 2019
    #LemonDuck #PowerShell #SMBVulnerability
  • Operation Kabar Cobra: Tenacious cyber-espionage by Kimsuky

    This report describes the latest attacks by Kimsuky Group including main methods, and changes in their purpose and targets.

    Feb 28, 2019
    #Kimsuky #Operation #KabarCobra