ASEC Blog publishes Ransom & Dark Web Issues Week 1, May 2026         Guatemalan Government Agency Data Sold on DarkForums BlackWater Ransomware Attack Targets Chinese Auto Parts Manufacturer Japanese Fintech Firm Suffers Unauthorized GitHub Access

ASEC Blog publishes Ransom & Dark Web Issues Week 5, April 2026           Emergence of a new ransomware group, M3RX Data from a South Korean religious organization sold on DarkForums ShinyHunters claims a data leak from a US interactive media company

ASEC Blog publishes Ransom & Dark Web Issues Week 4, April 2026           ShinyHunters Claims Data Breach Involving Major U.S. Convenience Store Chain ShinyHunters Claims Theft of Internal Data and Source Code from U.S. Software Development Firm Emergence of New Data Extortion Group: Prinz Eugen

The post New “PowMix” Botnet Preys on Czech Workforce with Lure of Compliance appeared first on Daily CyberSecurity. Related posts: Beyond the Hook: Unmasking SnappyClient, the HijackLoader-Linked Stealth Stealer Targeting Crypto PDFSIDER Discovered: New APT Malware Uses DLL Side-Loading to Evade Detection OCRFix: When Fake CAPTCHAs, AI, and Blockchains Collide to Build a Botnet

ASEC Blog publishes Ransom & Dark Web Issues Week 3, April 2026           Emergence of New Ransomware Groups: TiMC, BlackWater, and Lamashtu [1], [2], [3] NoName05716 Claims DDoS Attacks on South Korean Public & Private Sectors [1], [2], [3] VECT & TeamPCP Campaign: Supply Chain Attack Exploiting Global Travel Platform

Overview In recent years, cyber threat actors have consistently attempted to exploit living off the land binaries (LOLBins) built into systems to bypass detection by security products. Such attack methods effectively evade traditional signature-based detection by not distributing a separate malicious file, but instead relying on tools trusted by the operating system.Among them, MSBuild.exe is […]

ASEC Blog publishes Ransom & Dark Web Issues Week 2, April 2026           Emergence of New Ransomware Group ‘KryBit’ Gunra, Ransomware Attack Targeting South Korean Pharmaceutical Company DragonForce, Ransomware Attack Targeting Egyptian Generic Drug Developer and Manufacturer

ASEC Blog publishes Ransom & Dark Web Issues Week 1, April 2026           Ransomware group NetRunner attack against the Indian subsidiary of a South Korean auto parts manufacturer Ransomware group Everest attack against a major Japanese automaker ShinyHunters claims of source code and internal data leak from a U.S. network infrastructure […]

Overview AhnLab SEcurity intelligence Center (ASEC) recently identified a change in the Kimsuky group’s method of distributing malicious LNK files. The overall attack flow remains the same as before, with a malicious LNK ultimately executing a Python-based backdoor or downloader. However, a structural change was observed in the intermediate execution phase.   Category Previous Distribution […]

AhnLab’s engine development team found a number of apps on the Google Play Store and Apple App Store that disguised themselves as dealing with topics close to our daily lives, such as government policies and learning apps, and displayed excessive ads.   Figure 1. Hyped apps circulating on Google Play Store Figure 2. Hyped apps […]

ASEC Blog publishes Ransom & Dark Web Issues Week 4, March 2026           Japanese Automaker Suffers Personal Data Breach via Unauthorized External Access INC Ransom Targets South Korean Steel Manufacturer in Ransomware Attack LeakBase Forum Administrator Arrested in Russia

AhnLab SEcurity intelligence Center (ASEC) has confirmed that the Larva-26002 threat actor continues to target improperly managed MS-SQL servers in 2026. The Larva-26002 threat actor has distributed Trigona and Mimic ransomware in the past, and has since seized control of infected systems and installed scanners. The latest confirmed attack utilizes the ICE Cloud Client, a […]

ASEC Blog publishes Ransom & Dark Web Issues Week 3, March 2026           New Threat Actor CipherForce Claims Cyberattack on South Korean Job Portal New Threat Actor Loki Emerges, Leaks US Citizens’ Personal Data Cybercrime Forum LeakBase Shut Down Again by Russian Authorities

Distribution Method – SEO Poisoning Typically, people perceive the sites that appear at the top of Google search results as the “most authoritative and official” sites. however, threat actors are playing on the psychology of such users, manipulating the search engine’s algorithms to place malicious sites at the top. SEO poisoning is an attack technique […]

ASEC Blog publishes Ransom & Dark Web Issues Week 2, March 2026         Qilin ransomware attack targeting a well-known dermatology clinic in South Korea and the Korean branch of a global advertising company [1], [2] KillSec and Everest ransomware attacks targeting a South Korean exhibition management platform and an elevator manufacturer [1], […]

ASEC Blog publishes Ransom & Dark Web Issues Week 1, March 2026         Morpheus Launches Ransomware Attack on South Korean Plating Company Ailock Resumes Activity and Republishes Previous Ransomware Victims Pro-Iranian and Pro-Islamist Hacktivist Groups Launch Cyber Attacks on Middle Eastern and Pro-Western Targets [1], [2]

ASEC Blog publishes Ransom & Dark Web Issues Week 4, Fabruary 2026           Source code of a South Korean accounting automation solution provider sold on BreachForums Beast ransomware attack targeting a South Korean pharmaceutical company and battery safety component manufacturer [1], [2] Atomsilo resumes activity and discloses new victim

ASEC Blog publishes Ransom & Dark Web Issues Week 3, Fabruary 2026           Anubis and The Gentlemen launch ransomware attacks targeting a South Korean plastics manufacturer and an IT consulting company [1], [2] Emergence of the new ransomware group Payload ShinyHunters claims data breach involving a well-known Canadian apparel manufacturer

ASEC Blog publishes Ransom & Dark Web Issues Week 2, February 2026           Beast, Ransomware Attack Targeting a South Korean Aerospace Component Manufacturer RipperSec, Claims of DDoS Attacks Targeting South Korean Exhibition Centers, Military Training Grounds, Associations, and Defense-related Companies [1], [2], [3], [4] NoName05716, Claims of DDoS Attacks Targeting the […]

ASEC Blog publishes Ransom & Dark Web Issues Week 1, Fabruary 2026         Qilin Targets South Korean Public Broadcaster with Ransomware Confidential Military Data from U.S. Aerospace Composites Manufacturer Sold on BreachForums ShinyHunters Leaks Data from Two Prestigious U.S. Private Universities