Malware Used in Attacks Against Korean Companies

Published 01/07/2024 10:23 · Modified 01/07/2024 10:46

Essential information

Tags
2024-07-01 andariel hotcroissant korea lazarus xcloader xctdoor
Related entities
9 observables, 1 intrusion set (apt), 17 techniques (mitre), 3 malware, 3 others

Description

A recent analysis by ASEC discovered attacks exploiting a Korean ERP solution to distribute malware like and . The attacks targeted Korean defense and manufacturing companies. The malware was propagated by compromising ERP update servers to install backdoors. captures system information and executes commands from threat actors.

External references