216.73.217.176

Analysis of Attack Cases Against Korean Solutions by the Andariel Group (SmallTiger)

· Published 31/12/2024 16:26 · Modified 31/12/2024 16:57

Export JSON

Essential information

Published
31/12/2024 16:26
Modified
31/12/2024 16:57
Tags
2024-12-31 asset management document management keylogger modeloader rdp smalltiger south korea web shell
Related entities
5 observables, 1 intrusion sets (apt), 15 techniques (mitre), 2 malware, 1 others

Description

The Andariel group has been targeting various South Korean software solutions, particularly and systems. Recent attacks involve the installation of malware, often through exploiting vulnerabilities in outdated software versions. In solution attacks, the group uses and , sometimes replacing update programs to distribute malware. They also employ keyloggers and enable access for future intrusions. A new attack vector involves a Korean solution, where outdated Apache Tomcat servers are exploited. The attackers use system information queries, Advanced Port Scanner, and attempt to install web shells. Corporate security managers are advised to strengthen monitoring of centralized management solutions, apply security patches, and keep systems updated to prevent malware infections.

External references