2023.06.17 보안 이슈

==2023.06.17==

# 취약점 / 악성코드 

- ChamelDoH: New Linux Backdoor Utilizing DNS-over-HTTPS Tunneling for Covert CnC

https://thehackernews.com/2023/06/chameldoh-new-linux-backdoor-utilizing.html

- 구인구직사이트와 유사한 도메인을 통해 유포중인 입사지원서 위장 악성파일 주의!

https://blog.alyac.co.kr/5175

- Vidar Malware Using New Tactics to Evade Detection and Anonymize Activities

https://thehackernews.com/2023/06/vidar-malware-using-new-tactics-to.html

- Mandiant says China-backed hackers exploited Barracuda zero-day to spy on governments

https://news.yahoo.com/mandiant-says-china-backed-hackers-130047445.html

- 발라다 인젝터 멀웨어, 워드프레스 생태계 감염시키고 있어

 https://www.boannews.com/media/view.asp?idx=119176&kind=1&sub_kind= 

- Severe Vulnerabilities Reported in Microsoft Azure Bastion and Container Registry

https://thehackernews.com/2023/06/severe-vulnerabilities-reported-in.html

- Chinese hackers used VMware ESXi zero-day to backdoor VMs

https://www.bleepingcomputer.com/news/security/chinese-hackers-used-vmware-esxi-zero-day-to-backdoor-vms/

- 암호화폐 훔치려 스테가노그래피 기법 통해 새로운 로더 활용하는 공격자들

 https://www.boannews.com/media/view.asp?idx=119090&kind=1&sub_kind= 

- .NET 설치 파일로 위장한 RecordBreaker 정보탈취 악성코드

https://asec.ahnlab.com/ko/54140/

- Researchers Uncover Publisher Spoofing Bug in Microsoft Visual Studio Installer

https://thehackernews.com/2023/06/researchers-uncover-publisher-spoofing.html

- Cybercriminals Using Powerful BatCloak Engine to Make Malware Fully Undetectable

https://thehackernews.com/2023/06/cybercriminals-using-powerful-batcloak.html

- 마인크래프트 모드(Mod) 플랫폼을 통해 유포되는 Fractureiser 악성코드 주의

https://blog.alyac.co.kr/5170

- Critical RCE Flaw Discovered in Fortinet FortiGate Firewalls - Patch Now!

https://thehackernews.com/2023/06/critical-rce-flaw-discovered-in.html

- 초대형 공급망 공격? 클롭 랜섬웨어, 무브잇 통해 일 저질러

 https://www.boannews.com/media/view.asp?idx=118913&kind=1&sub_kind= 

 https://www.boannews.com/media/view.asp?idx=118891&kind=1&sub_kind= 

https://thehackernews.com/2023/06/clop-ransomware-gang-likely-exploiting.html

- 국내 금융 보안 솔루션의 취약점을 이용하는 Lazarus 공격 그룹

https://asec.ahnlab.com/ko/53832/

- 활동의 기지개 펴기 시작한 메이지카트, 이전보다 훨씬 업그레이드 돼

 https://www.boannews.com/media/view.asp?idx=118853&kind=1&sub_kind= 

- New PowerDrop Malware Targeting U.S. Aerospace Industry

https://thehackernews.com/2023/06/new-powerdrop-malware-targeting-us.html

- Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability - Update Now!

https://thehackernews.com/2023/06/zero-day-alert-google-issues-patch-for.html

# 국가지원 해킹그룹

- 고도화하는 北해킹…IT용역업체 통해 국가기관 전산망 침투

https://www.yna.co.kr/view/AKR20230603037200504

- Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine 

https://securityaffairs.com/147497/apt/gamaredon-targets-ukraine-new-ttps.html

- MS, 러시아 정부와 관련이 있는 새로운 APT 단체의 정체 드러내

 https://www.boannews.com/media/view.asp?idx=119171&kind=1&sub_kind= 

- 북한 ‘네이버 복제 피싱사이트’로 우리 국민 노린다

 https://www.boannews.com/media/view.asp?idx=119121&kind=1&sub_kind= 

- 북한 해킹그룹 APT37의 치밀한 스피어피싱 공격기법 분석해보니

 https://www.boannews.com/media/view.asp?idx=119028&kind=1&sub_kind= 

- “北 해킹조직 ‘침묵의 천리마’, 美 의료 서비스 위협”

 http://www.spnews.co.kr/news/articleView.html?idxno=66734 

- 美 “北, 미사일 자금 절반 코인 해킹으로 충당”… 5년간 4조 탈취

https://www.donga.com/news/Inter/article/all/20230613/119734726/1

- 개인을 도청하는 RedEyes 그룹 (APT37)

https://asec.ahnlab.com/ko/53851/

- New SPECTRALVIPER Backdoor Targeting Vietnamese Public Companies

https://thehackernews.com/2023/06/new-spectralviper-backdoor-targeting.html

- Asylum Ambuscade: A Cybercrime Group with Espionage Ambitions

https://thehackernews.com/2023/06/asylum-ambuscade-cybercrime-group-with.html

- 北, 핵·미사일 개발자금 떨어졌나…"가상화폐 해킹해 456억원 훔쳐"

 https://news.nate.com/view/20230607n34538?mid=n0506 

- 北해커단체 ‘김수키’, 前 장·차관급 3명 등 안보 전문가 9명 메일함 털었다

https://www.chosun.com/national/2023/06/07/JFYTGXUWGZCJROWZZSZ5V7CRIM/

- "교수님, 코멘트 좀" 연구원 사칭 메일··· 北 해킹조직 '김수키' 소행이었다

https://www.hankookilbo.com/News/Read/A2023060710200000276

# 랜섬웨어 / 정보유출

- 라이시다 랜섬웨어, 칠레 군의 기밀 담긴 문서 유출시켜

 https://www.boannews.com/media/view.asp?idx=119219&kind=1&sub_kind= 

- 의약품 제조 기업 ‘한독’, 해킹 피해... 의사·약사 개인정보 유출

 https://www.boannews.com/media/view.asp?idx=119213&kind=1&sub_kind= 

- 사상 첫 자동화 SaaS 랜섬웨어 공격을 성공시킨 오메가 일당들

 https://www.boannews.com/media/view.asp?idx=119078&kind=1&sub_kind= 

- CISA-FBI, "클롭 랜섬웨어 그룹의 제로데이 취약점 악용한 공격 주의" 당부

 https://www.dailysecu.com/news/articleView.html?idxno=146826 

- Winning the Mind Game: The Role of the Ransomware Negotiator

https://thehackernews.com/2023/06/winning-mind-game-role-of-ransomware.html

# 다크웹 / OSINT / 계정 / 피싱

- Adversary-in-the-Middle Attack Campaign Hits Dozens of Global Organizations

https://thehackernews.com/2023/06/adversary-in-middle-attack-campaign.html

- Microsoft Uncovers Banking AitM Phishing and BEC Attacks Targeting Financial Giants

https://thehackernews.com/2023/06/microsoft-uncovers-banking-aitm.html

- [카드뉴스] 서비스형 피싱 공격 ‘PhaaS’

 https://www.boannews.com/media/view.asp?idx=118850&kind=1&sub_kind= 

- VPN 애플리케이션 i2VPN, 관리자 계정 정보 해킹됐나

 https://www.boannews.com/media/view.asp?idx=118845&kind=1&sub_kind= 

#AI 

- [기고] 나는 AI에게 설명을 요구한다/김철웅 금융보안원장

 https://www.seoul.co.kr/news/newsView.php?id=20230606017003 

- LLM meets Malware: Starting the Era of Autonomous Threat 

https://securityaffairs.com/147447/malware/llm-meets-malware.html

- New Research: 6% of Employees Paste Sensitive Data into GenAI tools as ChatGPT

https://thehackernews.com/2023/06/new-research-6-of-employees-paste.html

- 챗GPT의 가짜 정보 생성 기능, 멀웨어 개발에 악용된다

 https://www.boannews.com/media/view.asp?idx=118958&kind=1&sub_kind= 

- 딥페이크로 만들어진 푸틴의 연설, 방송 전파까지 타

 https://www.boannews.com/media/view.asp?idx=118892&kind=1&sub_kind= 

- [단독] 기밀부터 마약 은어도 술술…'다크웹' 학습한 AI

 https://news.sbs.co.kr/news/endPage.do?news_id=N1007218959&plink=COPYPASTE&cooper=SBSNEWSEND 

- [두 얼굴의 AI]①보안전문가라 속이자…IP카메라 순식간에 해킹

https://www.asiae.co.kr/article/2023060709231413687

- 섹스토션 공격자들, 인공지능 활용해 공격 범위 넓혀

 https://www.boannews.com/media/view.asp?idx=118843&kind=1&sub_kind= 

# 공급망

# 기타

- 팔로알토 네트웍스, “클라우드 환경에서 보안 문제 해결까지 6일 걸려” 

 http://www.boannews.com/media/view.asp?idx=119170&kind=&sub_kind= 

- Activities in the Cybercrime Underground Require a New Approach to Cybersecurity

https://thehackernews.com/2023/06/activities-in-cybercrime-underground.html

- 랜섬웨어 해커들, 클라우드 채굴 행위 통해 암호화폐 세탁해

 https://www.boannews.com/media/view.asp?idx=119220&kind=1&sub_kind= 

- Fake Researcher Profiles Spread Malware through GitHub Repositories as PoC Exploits

https://thehackernews.com/2023/06/fake-researcher-profiles-spread-malware.html

- 개인정보 78만4,920건 유출 인터파크에 과징금 10억 2,645만 원 부과 (크리덴셜 스터핑)

 https://www.dailysecu.com/news/articleView.html?idxno=146966 

- How to Improve Your API Security Posture

https://thehackernews.com/2023/06/how-to-improve-your-api-security-posture.html

- 혼다의 API 보호 실패, 수많은 정보 자유롭게 열람하게 해

 https://www.boannews.com/media/view.asp?idx=118894&kind=1&sub_kind=