2023.04.22 보안 이슈

==2023.04.22==

# 취약점 / 악성코드 

- Tonto 해킹그룹, CHM 악성코드 국내 유포... 진단 우회 위해 계속 변형

 https://www.boannews.com/media/view.asp?idx=117389&kind=1&sub_kind= 

- 구글 클라우드에서 발견된 유령, 영원히 ‘삭제 중’ 상태 유지하며 사라졌다 나타났다

 https://www.boannews.com/media/view.asp?idx=117371&kind=1&sub_kind= 

- 링크 파일(*.lnk)을 통해 유포되는 RokRAT 악성코드 : RedEyes(ScarCruft)

https://asec.ahnlab.com/ko/51628/

- 시티즌랩 “NSO 그룹, 3가지 iOS 제로클릭 제로데이 익스플로잇 사용해 사이버공격 수행” 

 https://www.dailysecu.com/news/articleView.html?idxno=145377 

https://thehackernews.com/2023/04/nso-group-used-3-zero-click-iphone.html

- 구글, 또 다시 나타난 크롬 제로데이 취약점 서둘러 패치해

 https://www.boannews.com/media/view.asp?idx=117314&kind=1&sub_kind= 

https://thehackernews.com/2023/04/google-chrome-hit-by-second-zero-day.html

- 새로운 로더와 유튜브 영상 통해 퍼지는 멀웨어, 오로라

 https://www.boannews.com/media/view.asp?idx=117266&kind=1&sub_kind= 

https://thehackernews.com/2023/04/youtube-videos-distributing-aurora.html

- Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access

https://thehackernews.com/2023/04/iranian-hackers-using-simplehelp-remote.html

- 중국 APT41, 레드팀 오픈소스 GC2 이용해 공격 실시

 https://www.boannews.com/media/view.asp?idx=117208&kind=1&sub_kind= 

https://thehackernews.com/2023/04/google-uncovers-apt41s-use-of-open.html

- 새로운 큐봇 뱅킹 트로이목마, 기업 이메일 통해 퍼져

 https://www.boannews.com/media/view.asp?idx=117211&kind=1&sub_kind= 

https://thehackernews.com/2023/04/new-qbot-banking-trojan-campaign.html8220Gang 해킹그룹, 로그4셸 취약점 악용해 코인 마이너 설치

- 콘티 랜섬웨어의 전 멤버, 핀7과 손잡아 새로운 멀웨어 개발

 https://www.boannews.com/media/view.asp?idx=117210&kind=1&sub_kind= 

https://thehackernews.com/2023/04/fin7-and-ex-conti-cybercrime-gangs-join.html

- Log4Shell 취약점 공격으로 코인 마이너를 설치하는 8220 Gang 공격 그룹

https://asec.ahnlab.com/ko/51362/

- 크롬과 에지 브라우저, 자라자 멀웨어 공격에 노출돼

 https://www.boannews.com/media/view.asp?idx=117267&kind=1&sub_kind= 

https://thehackernews.com/2023/04/new-zaraza-bot-credential-stealer-sold.html

# 국가지원 해킹그룹

- 북한의 라자루스, 리눅스까지 노리려 새 무기 추가

 https://www.boannews.com/media/view.asp?idx=117367&kind=1&sub_kind= 

- Daggerfly Cyberattack Campaign Hits African Telecom Services Providers

https://thehackernews.com/2023/04/daggerfly-cyberattack-campaign-hits.html

- Pakistani Hackers Use Linux Malware Poseidon to Target Indian Government Agencies

https://thehackernews.com/2023/04/pakistani-hackers-use-linux-malware.html

- U.S. and U.K. Warn of Russian Hackers Exploiting Cisco Router Flaws for Espionage

https://thehackernews.com/2023/04/us-and-uk-warn-of-russian-hackers.html

- Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine

https://thehackernews.com/2023/04/google-tag-warns-of-russian-hackers.html 

- Iranian Government-Backed Hackers Targeting U.S. Energy and Transit Systems

https://thehackernews.com/2023/04/iranian-government-backed-hackers.html

- [북한의 對세계 해킹전쟁①] 북한이 해킹에 목 메는 이유

 https://www.boannews.com/media/view.asp?idx=117046&kind=1&sub_kind= 

- 또 北해커 소행이었다…보안인증 SW·언론사 해킹

 https://news.nate.com/view/20230418n16497?mid=n1101 

https://www.donga.com/news/Politics/article/all/20230418/118891306/2

 https://www.ddaily.co.kr/news/article/?no=262073 

- 솔라윈즈 사태 일으켰던 노벨륨, 유럽 외교 조직 염탐하기 위한 공격 벌여

 https://www.boannews.com/media/view.asp?idx=117223&kind=1&sub_kind= 

https://cybersecuritynews.com/russia-linked-apt29-attacking-nato-and-european-union/

# 랜섬웨어 / 정보유출

- 지멘스의 메타버스에서 민감한 기업 정보가 유출돼

 https://www.boannews.com/media/view.asp?idx=117167&kind=1&sub_kind= 

- 록빗 랜섬웨어 공격자들, 맥 장비들 노리고 공격 실시

 https://www.boannews.com/media/view.asp?idx=117169&kind=1&sub_kind= 

# 다크웹 / OSINT / 계정 / 피싱

- [긴급] ‘국민보험공단 건강검사 통보문’ 피싱문자 주의...피해자 몰래 물품구매 등 2차 피해 우려

 https://www.dailysecu.com/news/articleView.html?idxno=145305 

- 북한 해커조직, 실제 주소와 똑같은 피싱 사이트 사용한다? BitB 기술 악용

 https://www.boannews.com/media/view.asp?idx=117162&kind=1&sub_kind= 

# 공급망

- 소프트웨어 공급망 보안 표준 나왔다··· 오픈소스 보안재단, SLSA 1.0 정식 버전 발표 

https://www.ciokorea.com/news/287731

- 북한 3CX 공급망 공격... SW 공급망 공격이 2차 공격으로 이어진 최초 공격

 https://www.boannews.com/media/view.asp?idx=117351&kind=1&sub_kind= 

- 엘포인트, 롯데시네마, 곰 등 감염시킨 골도슨 멀웨어, 1억 회 다운로드 돼

 https://www.boannews.com/media/view.asp?idx=117273&kind=1&sub_kind= 

https://thehackernews.com/2023/04/goldoson-android-malware-infects-over.html

# 기타

- [단독] 중국 해킹그룹 샤오치잉, 국내 기업 또 다시 해킹 공격

 https://www.boannews.com/media/view.asp?idx=117388&kind=1&sub_kind= 

- 데이터 분석의 고효율화를 위한 4가지 방법

 https://www.boannews.com/media/view.asp?idx=117213&kind=1&sub_kind= 

- 맨디언트, 2023 M-트렌드 보고서 공개…주요 위협 인텔리전스 공유

 https://www.dailysecu.com/news/articleView.html?idxno=145332 

- DFIR via XDR: How to expedite your investigations with a DFIRent approach

https://thehackernews.com/2023/04/dfir-via-xdr-how-to-expedite-your.html

- 인공지능을 대상으로 한 모의 해킹, 그 동안 했던 레드팀 훈련과 다르다

 https://www.boannews.com/media/view.asp?idx=117221&kind=1&sub_kind= 

- What's the Difference Between CSPM & SSPM?

https://thehackernews.com/2023/04/whats-difference-between-cspm-sspm.html

- 워터게이트와 초원복집 사건, 한미 양국의 뼈아픈 도청 역사

 https://www.boannews.com/media/view.asp?idx=116960&kind=1&sub_kind= 

- 온라인 게임 채팅, 가장 위협적인 첩보 유출 경로

 https://www.boannews.com/media/view.asp?idx=117171&kind=1&sub_kind= 

- 중국 해커조직 샤오치잉의 한국 타깃 해킹 공격... 그 43일간의 기록

 https://www.boannews.com/media/view.asp?idx=117157&kind=1&sub_kind=