
Desktop, Mobile Phishing Campaign Targets South Korean Websites, Steals Credentials Via Watering Hole

  • Posted on: March 28, 2019 at 5:02 am
  • Posted in: Bad Sites, Mobile
  • Author: Joseph C Chen (Fraud Researcher)

We discovered a phishing campaign that uses the watering hole technique to target South Korean websites and steal users’ credentials. In the campaign, which we labeled Soula, cybercriminals injected malicious JavaScript code into at least four websites so that a fake login pop-up appears at intervals before users can continue using the pages.

Tags: JavaScript, phishing, South Korea, watering hole

Supply Chain Attack Operation Red Signature Targets South Korean Organizations

  • Posted on: August 21, 2018 at 6:04 am
  • Posted in: Malware, Targeted Attacks
  • Author: Trend Micro Cyber Safety Solutions Team

Together with our colleagues at IssueMakersLab, we uncovered Operation Red Signature, an information theft-driven supply chain attack targeting organizations in South Korea. We discovered the attacks around the end of July, while the media reported the attack in South Korea on August 6.

The threat actors compromised the update server of a remote support solutions provider to deliver a remote access tool called 9002 RAT to their targets of interest through the update process. They carried this out by first stealing the company’s certificate then using it to sign the malware. They also configured the update server to only deliver malicious files if the client is located in the range of IP addresses of their target organizations.

9002 RAT also installed additional malicious tools: an exploit tool for Internet Information Services (IIS) 6 WebDav (exploiting CVE-2017-7269) and an SQL database password dumper. These tools hint at how the attackers are also after data stored in their target’s web server and database.

Tags: Operation Red Signature, South Korea, supply chain

Shadow Force Uses DLL Hijacking, Targets South Korean Company

  • Posted on: September 9, 2015 at 1:00 am
  • Posted in: Malware, Targeted Attacks
  • Author: Dove Chiu (Threat Researcher)

What sort of interest would a businessman have in a news agency? That was the question that arose from our recent investigation into an attack that appears to target a media agency in South Korea. Shadow Force is a new backdoor that replaces a DLL called by a particular Windows service. Once that backdoor is open, the attacker…

Tags: APT, backdoor, shadow force, South Korea

Mobile Malware Gang Steals Millions from South Korean Users

  • Posted on: February 12, 2015 at 10:08 am
  • Posted in: Mobile
  • Author: Simon Huang (Mobile Security Engineer)

Today we’re releasing our research paper on the operations of the Yanbian Gang—a Chinese cybercriminal group that uses mobile malware to siphon off money from account holders of South Korean banks. They have been able to transfer up to US$1,600 worth of local currency from victims’ accounts every single day since 2013. This investigation is the result…

Tags: android, Chinese mobile underground, fake apps, Malware, Mobile, South Korea, Yanbian Gang

MBR Wiper Attacks Strike Korean Power Plant

  • Posted on: December 23, 2014 at 3:18 pm
  • Posted in: Malware, Targeted Attacks
  • Author: Trend Micro

In recent weeks, a major Korean electric utility has been affected by destructive malware, which was designed to wipe the master boot records (MBRs) of affected systems. It is believed that this MBR wiper arrived at the target systems in part via a vulnerability in the Hangul Word Processor (HWP), a commonly used application in South…

Tags: HWP, MBR, MBR Wiper, South Korea, The Interview