Malware Used in Attacks Against Korean Companies
Essential information
- Published
- 01/07/2024 10:23
- Modified
- 01/07/2024 10:46
- Tags
- 2024-07-01 andariel hotcroissant korea lazarus xcloader xctdoor
- Related entities
- 9 observables, 1 intrusion set (apt), 17 techniques (mitre), 3 malware, 3 others
Description
A recent analysis by ASEC identified attacks that exploited a Korean ERP solution to distribute malware such as XcLoader and Xctdoor. The attacks targeted Korean defense and manufacturing companies. The malware was propagated by compromising ERP update servers, which were then used to install backdoors. Xctdoor captures system information and executes commands received from the threat actors.