» Threat Intelligence Blog

On January 4, 2023, Ahn Lab Security Response Center (ASEC) researchers reported the technical details of a new Linux malware written using Shc delivering a cryptocurrency miner. ASEC researchers assess that the campaign is primarily targeting unspecified systems in South Korea. According to ASEC researchers, the malware authenticates through a dictionary attack on Linux SSH…

Context APT37 is a known, sophisticated North Korean state-backed actor that has historically leveraged Internet Explorer zero-days to target North Korean defectors, government officials, journalists, and activists in South Korea. Technical Details CVE-2022-41128 was patched by Microsoft on November 8, 2022. According to Microsoft, “this vulnerability requires that a user with an affected version of…

On December 6, 2022, Microsoft researchers reported technical details of a campaign targeting cryptocurrency organizations globally using what they describe as complex tactics. Community Impact Many retail, travel, and hospitality organizations maintain financial relationships with cryptocurrency firms for business reasons or accept cryptocurrency as payment and maintain relationships with organizing firms for financial reasons. As…

Context On November 20, 2020, the FIFA World Cup 2022 is scheduled to begin in Qatar. Multiple retail, hospitality, and travel organizations are involved in this event to varying degrees and on various fronts and may be affected, including: Organizations, especially hospitality organizations, with a presence in Qatar Organizations that handle sports betting Organizations that…

On November 9, 2022, Trend Micro researchers reported two campaigns they attribute to a new threat group Earth Longzhi, which they assess is a subgroup of APT41. Context Trend Micro researchers based the assessed connection between the groups on shared targets, shared Cobalt Strike metadata, code similarities, and shared tactics, techniques, and procedures (TTPs). Impact…