AhnLab, Inc.

⚠️Phishing email attacks by the Larva-24005 group targeting Japan Larva-24005, a sub-group of the Kimsuky threat actor, is running phishing campaigns from compromised servers in South Korea to target Japan.   📌Key Findings - Phishing emails are disguised as Zoom invitations, Microsoft login pages, and more. - Japanese IME is installed to craft phishing emails in Japanese. - Primary targets include university professors and nonprofits in Japan involved in North Korea–related activities.   Larva-24005 is actively running these attacks. Always verify the sender’s information.   Read more: https://lnkd.in/gKHgxgSQ AhnLab’s Threat Actor Naming: https://lnkd.in/g43bKFM8

📌 AhnLab TIP Weekly Report – 1st Week of March 📌 Stay updated on this week’s major ransomware and dark web issues! 🔍 🖧 SSH and DNS access to the world’s second-largest instant noodle brand is for sale on BreachForums 🎚️ hacktivist SECT0R16 claims to have attacked a greenhouse control system in Jeonju, South Korea 🗂️ The ransomware group Fog leaked 3TB+ of GitLab data from 19 global government agencies and companies #cybersecurity #ransomware #darkweb #threatintelligence

🌟AhnLab x Quad Miners x APTSecure Day in Makati🌟 Today, we are delighted to announce that the "AhnLab x Quad Miners x APTSecure Day in Makati" event was successfully hosted in collaboration with our global partner APTSecure and Korean NDR vendor Quad Miners! The event provided a valuable opportunity to connect with local customers in the Philippines and share knowledge, security trends and insights on how to stay secure in a complex security environment. Also, we were able to share our cutting edge security technologies on: - Anti-DDoS solution - Ransomware Protection - Network Detection & Response - Extended Detection & Response AhnLab will continue to expand collaboration with partners globally to overcome cybersecurity challenges and build a safe and secure future.  #Cybersecurity #AhnLab #QuadMiners #APTSecure 

📌 AhnLab TIP Weekly Report – 4th Week of February 📌 Stay updated on this week’s major ransomware and dark web issues! 🔍 🗪 Black Basta, whose activity has declined since 2025, has had its chat logs leaked 🏴☠️ The U.S. subsidiary of a South Korean boiler manufacturer has been listed as a new victim of Akira ransomware. 📡 A new ransomware group, Anubis, has emerged. #CyberSecurity #DarkWeb #Ransomware #ThreatIntelligence #TI

🚨 LummaC2 Malware Spreading via Fake Total Commander Crack Threat actors are spreading LummaC2 malware disguised as a cracked version of Total Commander, tricking users searching for cracked software into downloading malware from deceptive websites.   How it infects 1. Malicious links lead to fake download pages (Google Colab, Reddit, etc.). 2. Downloaded file contains a password-protected, double-compressed ZIP file. 3. Running the installer infects the system with LummaC2 malware, stealing credentials.   Only download software from official sources to avoid malware infections.   🔗 Learn more: https://lnkd.in/dfExMwQy   #CyberSecurity #LummaC2 #InfoStealer #Malware #ThreatIntel #TotalCommander

📌 AhnLab TIP Weekly Report – 3rd Week of February 📌 Stay updated on this week’s major ransomware and dark web issues! 🗂️ User data from a South Korea-based online cosmetics retailer was leaked on Leakbase. 🏴☠️ Threat group Tooda hacked Doxbin, dumped all user accounts, and leaked internal data. 📡 A new ransomware group, Linkc, has emerged. #CyberSecurity #DarkWeb #Ransomware #ThreatIntelligence #TI

❄️AhnLab Base Up Day 2025❄️ At Elysian Ski Resort, where the crisp winter air feels refreshing, AhnLab is hosting ‘AhnLab Base Up Day 2025’ with our valued partners!   This event brings AhnLab’s partners together to share our partner strategies, AhnLab’s roadmap, new product launches, and use cases, fostering a stronger partnership. Additionally, we have prepared exciting activities for our partners to enjoy, making this experience even more memorable. We sincerely appreciate all our partners for joining us and look forward to closely collaborating and growing together this year! #AhnLab #BaseUpDay #PartnerEvent #Cybersecurity #Partnership #Security #Elysianskireort

🎉AhnLab selected as supplier for '2025 AI voucher support Program' in South Korea🎉   AhnLab has been selected as an official supplier for the 2025 AI Voucher Support Program, where we will be providing our comprehensive suite of AI-powered security solutions to participating organizations.   🔎 As part of the program AhnLab will be provide five advanced AI-powered security solutions • AhnLab V3 – AhnLab’s flagship Antivirus • AhnLAb XDR - AI-powered threat analysis • AhnLab EDR - Next generation endpoint detection and response • AhnLab MDS - Sandbox-based APT defense • AhnLab SOAR - Security Orchestration, Automation, and Response    Through these solutions, participating companies can strengthen their defenses against cyber threats, including malware, and improve security operational efficiency providing meaningful support to businesses undergoing digital transformation   Read full article: https://lnkd.in/gKGQfs9y   #AhnLab #CyberSecurity #AI

🚨 Akira Ransomware: A Persistent Threat 🚨 Active since March 2023, Akira ransomware targets organizations by exfiltrating data and encrypting systems, pressuring victims with double-extortion tactics.   🔍 Key Attack Techniques: Initial Access: - Exploits unprotected VPNs & system vulnerabilities - Privilege Escalation: Uses deceptive folders & credential theft tools - Lateral Movement & Data Theft: Hijacks Active Directory, deploys RDP, PsExec, and exfiltrates data via FTP or cloud services. - Impact: Encrypts files with .akira extension and drops ransom notes for negotiations.   Akira ransomware continues to exploit known vulnerabilities and stolen credentials. Organizations must enforce MFA, secure remote access, and apply patches to reduce risk.   🔗 Read more: https://lnkd.in/gX_ADW-4   #CyberSecurity #Ransomware #AkiraRansomware #ThreatIntel 

📌 AhnLab TIP Weekly Report – 2nd Week of February 📌 Stay updated on this week’s major ransomware and dark web issues! 🔍 🗂️ Personal data from a South Korean children's art education institution has been listed on the dark web. 📡 A new ransomware group, Kraken Group, has emerged. 👮♂️ Operation Phobos Aetor resulted in the arrest of four Phobos ransomware suspects and the takedown of 8Base’s DLS. #CyberSecurity #DarkWeb #Ransomware #ThreatIntelligence #TI