lazarusholicApr 21, 2025
"APT Group Profiles - Larva-24005" published by Ahnlab. #CVE-2019-0708, #Larva-24005, #RandomQuery, #DPRK, #CTI https://asec.ahnlab.com/en/87554/
APT Group Profiles - Larva-24005 - ASEC

    1)   Introduction   During the breach investigation process, the AhnLab SEcurity intelligence Center (ASEC) discovered a new operation related to the Kimsuky group and named it Larva-24005.1 The threat actors exploited the RDP vulnerability to infiltrate the system. They then changed the system configuration by installing the MySpy malware and RDPWrap to create […]

ASEC
lazarusholicApr 14, 2025
"APT그룹 추적 보고서 - Larva-24005" published by Ahnlab. #CVE-2019-0708, #Larva-24005, #RandomQuery, #DPRK, #CTI https://asec.ahnlab.com/ko/87453/
APT그룹 추적 보고서 - Larva-24005 - ASEC

    1)   소개   안랩 ASEC(AhnLab SEcurity intelligence Center)은 침해 사고 조사 과정에서 Kimsuky 그룹과 연관된 새로운 오퍼레이션을 발견하고 Larva-24005로 명명했다.[1] 이들은 RDP 취약점으로 최초 침투 후 MySpy 악성코드로 시스템 설정을 변경하고, RDPWrap을 설치해 지속적인 원격 접근 환경을 만들었다. 또, 사용자의 키보드 입력을 저장하는 키로거를 감염시켰다.   포렌식 분석을 통해 확인된 위협 정보는 ATIP을 […]

ASEC
lazarusholicJan 6, 2025
"Exposing the Steps of the Kimsuky APT Group" published by PicusSecurity. #Kimsuky, #RandomQuery, #GoldDragon, #xRAT, #DPRK, #CTI https://www.picussecurity.com/resource/blog/exposing-the-steps-of-the-kimsuky-apt-group
Exposing the Steps of the Kimsuky APT Group

Learn the exposed steps of Kimsuky APT, a North Korean cyber-espionage group, including their tactics, tools, and techniques, and how to defend against them.

lazarusholicJun 12, 2024
"APT-C-55(Kimsuky)组织在RandomQuery活动中投递开源RAT的攻击活动分析" published by Qihoo360. #APT-C-55, #XenoRAT, #RandomQuery, #CTI, #OSINT, #LAZARUS https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247498735&idx=1&sn=a0f713dddc2c2c69beca6137980dd27e
lazarusholicMar 16, 2024
"APT-C-55(Kimsuky)组织的RandomQuery窃密攻击活动分析" published by Qihoo360. #APT-C-55, #RandomQuery, #CTI, #OSINT, #LAZARUS https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247495843&idx=1&sn=7965885f6dc8503c7fc49b7002816d13&chksm=f9c1c3aaceb64abcf4ee0b127600eed9c4013a3aaa1a7af7fb3d222b9264b365eed9fb475028&scene=178&cur_album_id=1915287066892959748#rd
lazarusholicDec 8, 2023
"2023 Oct - Threat Trend Report on Kimsuky Group" published by Ahnlab. #Trend, #Kimsuky, #BabyShark, #FlowerPower, #RandomQuery, #CTI, #OSINT, #LAZARUS https://asec.ahnlab.com/en/59745/
2023 Oct - Threat Trend Report on Kimsuky Group - ASEC BLOG

AhnLab Security Emergency response Center

ASEC BLOG
lazarusholicNov 13, 2023
"2023 Sep - Threat Trend Report on Kimsuky Group" published by Ahnlab. #Kimsuky, #BabyShark, #FlowerPower, #AppleSeed, #RandomQuery, #CTI, #OSINT, #LAZARUS https://asec.ahnlab.com/en/59020/
2023 Sep - Threat Trend Report on Kimsuky Group - ASEC BLOG

AhnLab Security Emergency response Center

ASEC BLOG
lazarusholicOct 23, 2023
"2023 Aug - Threat Trend Report on Kimsuky Group" published by Ahnlab. #Kimsuky, #BabyShark, #FlowerPower, #AppleSeed, #RandomQuery, #CTI, #OSINT, #LAZARUS https://asec.ahnlab.com/en/57938/
2023 Aug - Threat Trend Report on Kimsuky Group - ASEC BLOG

AhnLab Security Emergency response Center

ASEC BLOG
lazarusholicAug 16, 2023
"Threat Trend Report on Kimsuky – June 2023" published by Ahnlab. #Trend, #Kimsuky, #FlowerPower, #RandomQuery, #CTI, #OSINT, #LAZARUS https://asec.ahnlab.com/wp-content/uploads/2023/08/ATIP_2023_Jun_Threat-Trend-Report-on-Kimsuky-Group-1.pdf
lazarusholicJul 7, 2023
"Threat Trend Report on Kimsuky - May 2023" published by Ahnlab. #Kimsuky, #AppleSeed, #FlowerPower, #RandomQuery, #CTI, #OSINT, #LAZARUS https://asec.ahnlab.com/en/55199/
Threat Trend Report on Kimsuky - May 2023 - ASEC BLOG

AhnLab Security Emergency response Center

ASEC BLOG