ESET Threat Report H1 2023
2023-07-11 • ESET
https://www.welivesecurity.com/wp-content/uploads/2023/07/eset_threat_report_h12023.pdf
ESET's H1 2023 threat report mentions North Korea-aligned exploitation in its Log4Shell section rather than as a full actor case study. The report says CISA warned that North Korea-aligned ransomware operators had targeted healthcare systems in South Korea and the United States, with Log4Shell exploitation used as one access technique. It also cites AhnLab reporting that Lazarus exploited the same vulnerability. ESET does not separate telemetry by CVE-2021-44228 and CVE-2021-45046 in that passage, so the safe takeaway is that unpatched Log4j remained relevant to DPRK-linked intrusion and ransomware risk against healthcare environments.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | asxcnx.com | 2023-07-11 | 2023-07-11 |
| DOMAIN | 123w0w.com | 2023-07-11 | 2023-07-11 |
| DOMAIN | viixikup.com | 2023-07-11 | 2023-07-11 |
| DOMAIN | pogothere.xyz | 2023-07-11 | 2023-07-11 |