Makop Ransomware Identified in Attacks in South Korea

AhnLab SEcurity intelligence Center (ASEC) recently identified cases of Makop ransomware attacks targeting South Korean users. For several years, Makop has been distributed to South Korean users disguised as resumes or as copyright-related emails. Recently, the ransomware has also been reported to use exposed RDP services as its attack vector.

Key Points:

  1. Installing Malware Using RDP
    Threat actors who use Remote Desktop Protocol (RDP) as an attack vector generally scan for systems that are reachable from the Internet and have RDP enabled. Against the systems they identify, they run brute-force or dictionary attacks; if an account uses a weak or guessable password, the threat actor can easily obtain valid credentials.

  2. Gaining Control Over Systems
    Once a threat actor logs into a system with the credentials they obtained, they gain control over it and can carry out a range of malicious actions, including deploying the ransomware. Other ransomware strains known to attack through RDP include Phobos, GlobeImposter, MedusaLocker, Hakuna Matata, Venus, and Crysis.
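The two steps above (a burst of failed RDP logons from one source, then a successful RDP logon from the same source) leave a recognizable trace in the Windows Security log: Event ID 4625 (failed logon) followed by Event ID 4624 (successful logon), both with LogonType 10 (RemoteInteractive, i.e. RDP). The following detection routine is an added example for this post, not code from ASEC or from the Makop report. The events, IP addresses, account names and the 5-failures-in-5-minutes threshold are all constructed assumptions; the field layout mirrors the relevant fields of events 4624 and 4625 but does not parse real EVTX/XML.

```python
"""Detect RDP brute-force activity (and a subsequent successful logon)
from a stream of Windows Security log events.

Added example; not code from ASEC or the Makop report. Event samples
below are constructed. Field meaning follows Windows Security events:
  4625 = failed logon, 4624 = successful logon, LogonType 10 = RDP.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, event_id, logon_type, account, source_ip)
# 203.0.113.7 hammers several accounts and then gets in as "administrator";
# 198.51.100.20 is a normal user who mistyped a password once.
SAMPLE_EVENTS = [
    ("2024-05-01T02:00:01", 4625, 10, "administrator", "203.0.113.7"),
    ("2024-05-01T02:00:03", 4625, 10, "administrator", "203.0.113.7"),
    ("2024-05-01T02:00:04", 4625, 10, "admin",         "203.0.113.7"),
    ("2024-05-01T02:00:06", 4625, 10, "user",          "203.0.113.7"),
    ("2024-05-01T02:00:08", 4625, 10, "administrator", "203.0.113.7"),
    ("2024-05-01T02:00:09", 4625, 10, "administrator", "203.0.113.7"),
    ("2024-05-01T02:00:15", 4624, 10, "administrator", "203.0.113.7"),
    ("2024-05-01T09:12:00", 4625, 10, "jkim",          "198.51.100.20"),
    ("2024-05-01T09:12:30", 4624, 10, "jkim",          "198.51.100.20"),
]

RDP_LOGON_TYPE = 10
FAILED_LOGON = 4625
SUCCESS_LOGON = 4624


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: finding} for every source that produced at least
    `threshold` failed RDP logons inside any `window`-long interval.

    A finding records the peak failure count, the accounts tried, and, if a
    successful RDP logon from that source arrived while the failure count in
    the window was still at or above the threshold, the account and time of
    that logon (the 'gained control' step from the post).
    """
    by_ip = defaultdict(list)
    for ts, event_id, logon_type, account, ip in events:
        if logon_type == RDP_LOGON_TYPE and event_id in (FAILED_LOGON, SUCCESS_LOGON):
            by_ip[ip].append((datetime.fromisoformat(ts), event_id, account))

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e[0])
        recent = deque()           # timestamps of failures still inside the window
        peak = 0
        accounts_tried = set()
        success_after = None
        for ts, event_id, account in evs:
            # Drop failures that have aged out of the sliding window.
            while recent and ts - recent[0] > window:
                recent.popleft()
            if event_id == FAILED_LOGON:
                recent.append(ts)
                accounts_tried.add(account)
                peak = max(peak, len(recent))
            elif len(recent) >= threshold:
                # Success right after a burst of failures: likely guessed password.
                success_after = (account, ts.isoformat())
        if peak >= threshold:
            findings[ip] = {
                "peak_failures": peak,
                "accounts_tried": sorted(accounts_tried),
                "success_after_bruteforce": success_after,
            }
    return findings


if __name__ == "__main__":
    for ip, finding in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, finding)
```

In production the same logic sits behind an EVTX parser or a SIEM query keyed on `IpAddress` and `LogonType`; the point of the sliding window is that a single 4624 is unremarkable on its own, while a 4624 arriving on the heels of a failure burst from the same address is the moment the threat actor gains control and should page someone. Tuning the threshold low enough to catch slow, distributed guessing is a separate problem this example does not address.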

To read the complete article see:
ASEC Report


This post is licensed under CC BY 4.0 by the author.