2023.03.18 보안 이슈

==2023.03.18==

# 취약점 / 악성코드 

- FakeCalls Vishing Malware Targets South Korean Users via Popular Financial Apps

https://thehackernews.com/2023/03/fakecalls-vishing-malware-targets-south.html

- New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks

https://thehackernews.com/2023/03/new-golang-based-hinatabot-exploiting.html

- 자산 관리 솔루션(TCO!Stream) 취약점 주의 및 업데이트 권고

https://asec.ahnlab.com/ko/49560/

- 중국과 러시아의 공격자들, 실크로더 사용해 탐지 회피해

 https://www.boannews.com/media/view.asp?idx=115254&kind=1&sub_kind= 

- Pro-Russian Winter Vivern APT Targets Governments and Telecom Firm

https://www.infosecurity-magazine.com/news/russia-winter-vivern-apt-targets/

- Baseband RCE flaws in Samsung’s Exynos chipsets expose devices to remote hack

https://securityaffairs.com/143582/hacking/baseband-flaws-samsung-exynos.html

- Adobe Acrobat Sign abused to push Redline info-stealing malware

https://www.bleepingcomputer.com/news/security/adobe-acrobat-sign-abused-to-push-redline-info-stealing-malware/

- US Government IIS Server Breached via Telerik Software Flaw

https://www.infosecurity-magazine.com/news/us-server-breached-via-telerik/

- 포티넷 장비 겨낭한 사이버 공격 거세지지만... 포티넷, 적극 대응중

 https://www.boannews.com/media/view.asp?idx=115219&kind=1&sub_kind= 

- 큐버네티스 클러스터를 겨냥한 암호화폐 채굴 캠페인 적발돼

 https://www.boannews.com/media/view.asp?idx=115210&kind=1&sub_kind= 

https://securityaffairs.com/143520/cyber-crime/dero-crypto-mining-campaign.html

- MS 아웃룩 제로데이 취약점 패치 발표... 메일 읽지 않아도 탈취 가능

 https://www.boannews.com/media/view.asp?idx=115278&kind=1&sub_kind= 

https://asec.ahnlab.com/ko/49819/

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-outlook-zero-day-used-by-russian-hackers-since-april-2022/

https://www.bleepingcomputer.com/news/security/critical-microsoft-outlook-bug-poc-shows-how-easy-it-is-to-exploit/

- 인공지능으로 만든 유튜브 영상들로 멀웨어 퍼트리는 공격자들

 https://www.boannews.com/media/view.asp?idx=115116&kind=1&sub_kind= 

https://www.infosecurity-magazine.com/news/infostealers-spread-via-ai-youtube/

- VestCert 원격코드실행 취약점 주의!

https://blog.alyac.co.kr/5100

- 챗GPT 테마로 삼은 악성 플러그인, 페이스북 계정 탈취해

 https://www.boannews.com/media/view.asp?idx=115085&kind=1&sub_kind= 

- 리눅스 SSH 서버를 대상으로 유포 중인 ShellBot 악성코드

https://asec.ahnlab.com/ko/49313/

- Prometei botnet evolves and infected +10,000 systems since November 2022

https://securityaffairs.com/143343/hacking/prometei-botnet-v3.html

- 금융정보 탈취 전문 악성코드 이모텟, 스팸메일 첨부파일로 재유포

 https://www.boannews.com/media/view.asp?idx=115069&kind=1&sub_kind= 

- 패스워드 파일로 위장한 CHM 및 LNK 악성코드 국내 유포중

 https://www.boannews.com/media/view.asp?idx=115070&kind=1&sub_kind= 

# 국가지원 해킹그룹

- China-linked APT likely linked to Fortinet zero-day attacks

https://securityaffairs.com/143594/apt/china-fortinet-zero-day-attacks.html

- 중국의 은밀한 사이버 공격자들, 미국의 민간 네트워크 거세게 공략 중

 https://www.boannews.com/media/view.asp?idx=115255&kind=1&sub_kind= 

https://eurasiantimes.com/new-wave-of-chinese-stealth-attacks/

- 미크로네시아, “중국이 해저 케이블에 침해하려 했다”

 https://www.boannews.com/media/view.asp?idx=115212&kind=1&sub_kind= 

- “협의 이혼 의사 확인?” 부부관계까지 파고드는 북한 해커조직

 https://www.boannews.com/media/view.asp?idx=115179&kind=1&sub_kind= 

- Russia-linked APT29 abuses EU information exchange systems in recent attacks

https://securityaffairs.com/143545/apt/apt29-abused-information-exchange-systems.html

- 유럽 군사, 운송, 에너지 조직들 끊임없이 공격해 온 러시아 해커들

 https://www.boannews.com/media/view.asp?idx=115216&kind=1&sub_kind= 

https://www.wionews.com/world/russian-military-linked-hackers-targeted-european-military-energy-in-apparent-spying-report-572449

- 중국의 사이버 공격자들, 군과 정부와 연루된 DLP 기업 해킹해

 https://www.boannews.com/media/view.asp?idx=115213&kind=1&sub_kind= 

https://thehackernews.com/2023/03/tick-apt-targeted-high-value-customers.html

- 北 사이버 해킹 공격그룹 ‘UNC2970’, BYOVD 통해 더욱 쉽게 공격

 https://www.dailysecu.com/news/articleView.html?idxno=144380 

- 요로트루퍼, CIS 국가들의 대사관 및 외교 기관들 노렸다

 https://www.boannews.com/media/view.asp?idx=115215&kind=1&sub_kind= 

https://www.bleepingcomputer.com/news/security/yorotrooper-cyberspies-target-cis-energy-orgs-eu-embassies/

- 동남아시아 국가들 겨냥한 APT 단체, 대규모 캠페인 실시

 https://www.boannews.com/media/view.asp?idx=115112&kind=1&sub_kind= 

https://thehackernews.com/2023/03/kamikakabot-malware-used-in-latest-dark.html

# 랜섬웨어 / 정보유출

- Hitachi Energy confirms data breach after Clop GoAnywhere attacks

https://www.bleepingcomputer.com/news/security/hitachi-energy-confirms-data-breach-after-clop-goanywhere-attacks/

- 비안리안 랜섬웨어, 데이터 협박 공격에만 치중한다

 https://www.boannews.com/media/view.asp?idx=115252&kind=1&sub_kind= 

https://www.bleepingcomputer.com/news/security/bianlian-ransomware-gang-shifts-focus-to-pure-data-extortion/

- Nevada 랜섬웨어 국내 유포 중

https://asec.ahnlab.com/ko/49080/

- Ransomware attacks in Japan hit new record in 2022

https://www3.nhk.or.jp/nhkworld/en/news/20230316_21/

- FBI: Ransomware hit 860 critical infrastructure orgs in 2022

https://www.bleepingcomputer.com/news/security/fbi-ransomware-hit-860-critical-infrastructure-orgs-in-2022/

- 알프파이브 랜섬웨어 갱단, 아마존 자회사 링 해킹했다고 주장

 https://www.boannews.com/media/view.asp?idx=115164&kind=1&sub_kind= 

https://techstory.in/ransomware-cyber-group-hacks-amazons-ring-devices/

- The Prolificacy of LockBit Ransomware

https://thehackernews.com/2023/03/the-prolificacy-of-lockbit-ransomware.html

- 랜섬웨어 감염 사실 은폐하려다 300만 달러 벌금 내는 블랙보드

 https://www.boannews.com/media/view.asp?idx=115084&kind=1&sub_kind= 

- 보안 업체 아크로니스 침투한 해커, 21GB 데이터 유출시켜

 https://www.boannews.com/media/view.asp?idx=115083&kind=1&sub_kind= 

https://securityaffairs.com/143380/hacking/acronis-downplays-security-incident.html

- Clop ransomware gang begins extorting GoAnywhere zero-day victims

https://www.bleepingcomputer.com/news/security/clop-ransomware-gang-begins-extorting-goanywhere-zero-day-victims/

# 다크웹 / OSINT / 계정 / 피싱

- 최근 시끌시끌한 SVB 사태, 해커들은 가만두지 않는다

 https://www.boannews.com/media/view.asp?idx=115217&kind=1&sub_kind= 

- 금융, 통신사, 테크 분야 기업들, 피싱 공격자들이 가장 많이 사칭

 https://www.boannews.com/media/view.asp?idx=115132&kind=1&sub_kind= 

- MS, 수백만 통의 피싱 이메일이 매일 발송된다고 경고

 https://www.boannews.com/media/view.asp?idx=115159&kind=1&sub_kind= 

https://www.microsoft.com/en-us/security/blog/2023/03/13/dev-1101-enables-high-volume-aitm-campaigns-with-open-source-phishing-kit/


# 기타

- “사기 거래 31만 건 잡아냈다” 토스 사례로 본 FDS의 조건 

https://www.itworld.co.kr/news/282031

- 챗GPT 넘는 GPT-4 등판···“환각 여전·해킹 우려도”

https://www.khan.co.kr/economy/economy-general/article/202303151559001

- DNS 통해 빠르게 치고 빠지는 해킹 공격, 최근 유행하기 시작했다

 https://www.boannews.com/media/view.asp?idx=115166&kind=1&sub_kind= 

- API를 문서화 하는 기업, 10%도 되지 않는다

 https://www.boannews.com/media/view.asp?idx=115157&kind=1&sub_kind= 

- 아시아-태평양 지역, 2년 연속 전 세계에서 가장 많은 사이버 공격 받아

 https://www.dailysecu.com/news/articleView.html?idxno=144336 

- [단독]카톡 오픈채팅 해킹...1명당 단가 7000원·2시간 만에 '뚝딱'

https://www.etnews.com/20230314000147

- Large-scale Cyber Attack Hijacks East Asian Websites for Adult Content Redirects

https://thehackernews.com/2023/03/large-scale-cyber-attack-hijacks-east.html

- How to Apply NIST Principles to SaaS in 2023

https://thehackernews.com/2023/03/how-to-apply-nist-principles-to-saas-in.html

- 끔찍한 사기 수법 ‘돼지 도살’, 로맨스 스캠 섞인 투자 사기의 일종

 https://www.boannews.com/media/view.asp?idx=115086&kind=1&sub_kind= 

https://www.bleepingcomputer.com/news/security/fbi-warns-of-spike-in-pig-butchering-crypto-investment-schemes/

- 성인사이트와의 이상한 연결고리... 불법도박 사이버범죄 실태 분석해보니

 https://www.boannews.com/media/view.asp?idx=114612&kind=1&sub_kind=