• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   South Korea

Supply Chain Attack Operation Red Signature Targets South Korean Organizations
  • Posted on:August 21, 2018 at 6:04 am
  • Posted in:Malware, Targeted Attacks
  • Author:
    Trend Micro Cyber Safety Solutions Team
0

Together with our colleagues at IssueMakersLab, we uncovered Operation Red Signature, an information theft-driven supply chain attack targeting organizations in South Korea. We discovered the attacks around the end of July, while the media reported the attack in South Korea on August 6.

The threat actors compromised the update server of a remote support solutions provider to deliver a remote access tool called 9002 RAT to their targets of interest through the update process. They carried this out by first stealing the company’s certificate then using it to sign the malware. They also configured the update server to only deliver malicious files if the client is located in the range of IP addresses of their target organizations.

9002 RAT also installed additional malicious tools: an exploit tool for Internet Information Services (IIS) 6 WebDav (exploiting CVE-2017-7269) and an SQL database password dumper. These tools hint at how the attackers are also after data stored in their target’s web server and database.

Read More
Tags: Operation Red SignatureSouth Koreasupply chain

Shadow Force Uses DLL Hijacking, Targets South Korean Company
  • Posted on:September 9, 2015 at 1:00 am
  • Posted in:Malware, Targeted Attacks
  • Author:
    Dove Chiu (Threat Researcher)
0

What sort of interest would a businessman have in a news agency? That was the question that arose from our recent investigation on an attack that appears to target a media agency in South Korea. Shadow Force is a new backdoor that replaces a DLL called by a particular Windows service.  Once that backdoor is open, the attacker…

Read More
Tags: APTbackdoorshadow forceSouth Korea

Mobile Malware Gang Steals Millions from South Korean Users
  • Posted on:February 12, 2015 at 10:08 am
  • Posted in:Mobile
  • Author:
    Simon Huang (Mobile Security Engineer)
0

Today we’re releasing our research paper on the operations of the Yanbian Gang—a Chinese cybercriminal group that use mobile malware to siphon off money from account holders of South Korean banks. They are able to transfer up to US$1,600 worth of local currency from victims’ accounts every single day since 2013. This investigation is the result…

Read More
Tags: androidChinese mobile undergroundfake appsMalwareMobileSouth KoreaYanbian Gang

MBR Wiper Attacks Strike Korean Power Plant
  • Posted on:December 23, 2014 at 3:18 pm
  • Posted in:Malware, Targeted Attacks
  • Author:
    Trend Micro
0

In recent weeks, a major Korean electric utility has been affected by destructive malware, which was designed to wipe the master boot records (MBRs) of affected systems. It is believed that this MBR wiper arrived at the target systems in part via a vulnerability in the Hangul Word Processor (HWP), a commonly used application in South…

Read More
Tags: HWPMBRMBR WiperSouth KoreaThe Interview

Banking Trojan Targets South Korean Banks; Uses Pinterest as C&C Channel
  • Posted on:December 15, 2014 at 9:53 am
  • Posted in:Bad Sites, Exploits, Malware
  • Author:
    Joseph C Chen (Fraud Researcher)
0

We recently found a new banking Trojan which targeted several banks in South Korea. This isn’t the first, though: in June last year, we saw that several online banking threats widened their range and targeted South Korean banks using various techniques. Throughout the course of monitoring similar threats, we noticed a new wave of banking Trojans targeting South Korean banks…

Read More
Tags: banking Trojanexploit kitonline banking malwarePinterestSouth Korea
Page 1 of 3123

Security Predictions for 2018

  • Attackers are banking on network vulnerabilities and inherent weaknesses to facilitate massive malware attacks, IoT hacks, and operational disruptions. The ever-shifting threats and increasingly expanding attack surface will challenge users and enterprises to catch up with their security.
    Read our security predictions for 2018.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • Perl-Based Shellbot Looks to Target Organizations via C&C
  • Same Old yet Brand-new: New File Types Emerge in Malware Spam Attachments
  • Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
  • Fake Banking App Found on Google Play Used in SMiShing Scheme
  • Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructures

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.