Japanese Automaker Data Breach and South Korean Steel Ransomware Attack Highlight East Asia Cyber Threats

In March 2026, a Japanese automaker suffered a personal data breach via unauthorized external access, while INC Ransom targeted a South Korean steel manufacturer in a ransomware attack. Simultaneously, the administrator of the LeakBase dark web forum was arrested in Russia. These incidents underscore ongoing cyber risks to manufacturing sectors in Japan and South Korea, with implications for supply chain security and threat actor infrastructure disruption.

Iranian Cyber Campaign Targets South Korean Electronics Manufacturing for Intellectual Property Theft

A targeted cyber-espionage campaign attributed to the Iran-linked MuddyWater group successfully breached a major South Korean electronics manufacturer in early 2026. The operation utilized DLL sideloading and legitimate service abuse to conduct industrial reconnaissance and credential theft, signaling a shift toward more operationally mature and quiet attacks against high-value East Asian industrial targets.

How Operators Can Monitor JPCERT/CC Alerts for Japan Infrastructure Risk

Monitor JPCERT/CC alerts as a primary source for Japanese enterprise and infrastructure risk, focusing on vendor advisories, exploitation signals, and exposure relevant to global security teams. This evergreen playbook outlines how to use the official JPCERT/CC RSS feed for continuous monitoring without treating it as breaking news.

Windows Web Server Exploitation Trends: Analysis of Q1 2026 Attack Patterns

AhnLab SEcurity intelligence Center (ASEC) reports persistent targeting of Windows-based IIS and Apache Tomcat servers in Q1 2026. Attackers, notably the Larva-26001 threat actor, utilize web shell command execution, privilege escalation exploits like JuicyPotato, and port-forwarding tools to seize control of infected systems through RDP-mediated access and internal network lateral movement.

ASEC Q1 2026 Report Reveals Larva-26002’s Shift to Go-Based ICE Cloud Scanner via BCP Exploitation

ASEC’s analysis of ASD logs for Q1 2026 shows persistent attacks on Windows-based MS-SQL and MySQL servers, with a temporary decline in February followed by a March rebound. The Larva-26002 threat actor was observed deploying the Go-written ICE Cloud scanner via BCP exploitation on mismanaged MS-SQL systems, continuing prior use of Trigona and Mimic ransomware. Turkish-language strings in the scanner align with earlier Mimic campaigns. Primary vectors include brute force, dictionary attacks, and exploitation of weak or misconfigured accounts due to poor administrative hygiene.

Korean and Global Financial Sectors Face Multi-Layered Cyber Threats in Early 2026

March 2026 saw a surge in complex cyberattacks targeting financial institutions, characterized by Lazarus Group watering hole exploits, large-scale dark web data leaks, and targeted phishing. Vulnerabilities in AnySign4PC were used for remote code execution, while ransomware groups like Apt73 and WorldLeaks intensified double extortion tactics, significantly raising the risk profile for global and South Korean banking infrastructure.

Genians NAC SQL Injection Vulnerability Exposes Network Infrastructure to Data Disclosure

Genians has addressed CVE-2024-23843, a SQL injection vulnerability in its Genian NAC management console. The flaw stems from insufficient validation of user-supplied search parameters, potentially allowing unauthorized data exposure. Organizations using Genian NAC V5.0 or its LTS variants should upgrade to the latest versions to mitigate the risk of database compromise within their security infrastructure.