APT Group Profiles - Larva-24005
1) Introduction
During the breach investigation process, the AhnLab SEcurity intelligence Center (ASEC) discovered a new operation related to the Kimsuky group and named it Larva-24005 [1]. The threat actors exploited the RDP vulnerability to infiltrate the system. They then changed the system configuration by installing the MySpy malware and RDPWrap to create a continuous remote access environment. They also infected the system with a keylogger that records the user’s keyboard inputs.
The threat information identified through forensic analysis has been made public by the ATIP. The information includes the following cases: “Kimsuky Threat Actor Group’s Exploitation of BlueKeep Vulnerability to Breach and Leak Information from Korean Systems” [2] and “Larva-24005 Threat Actor Group’s Use of a Korean Server as Their Main C2” [3].
2) Targets and Cases
These threat actors have been attacking South Korea’s software, energy, and financial industries since October 2023 and have been sending phishing emails to …