Author: Eugene Jang | S2W AI Team This paper was accepted at ACL (Association for Computational Linguistics) 2023. View here → https://arxiv.org/pdf/2305.08596.pdf Introduction We’re excited to talk about our paper DarkBERT: A Language Model for the Dark Side of the Internet, which was accepted into ACL 2023. Developed by the…

Author: BLKSMTH | S2W TALON Last Modified: May 17, 2023 Executive Summary 2023년 5월 경, S2W의 위협 연구 및 인텔리전스 센터 Talon은 Kimsuky 그룹의 새로운 악성코드로 추정되는 샘플을 VirusTotal에서 헌팅하여 분석을 진행함 헌팅된 악성코드는 네이버 로그인에 필 …

Author: HOTSAUCE (위협탐지팀) | S2W TALON dasomong, Magma, Sigma & kkh4y (데이터 분석가) Last Modified : May 11, 2023 Executive Summary Mont4na 유저는 한국을 포함한 다양한 국가의 웹 사이트 취약점과 유출 정보를 판매하는 전문적인 Access Broker 이며, …

Author: BLKSMTH | S2W TALON Last Modified: Mar 23, 2023 Executive Summary According to an analysis report published by InterLab in December 2022, a South Korean journalist received a message requesting a conversation via the Wechat messenger, and the requestor instructed the journalist to install a malicious APK file disguised as a…

Author: HOTSAUCE | S2W TALON Last Modified : Mar 20, 2023 Executive Summary 최근 정부 기관의 공식 유튜브 채널을 비롯한 게임 유튜버 “인피쉰”, 성우 유튜버 “남도형의 블루클럽” 등 구독자 수가 많은 유튜버들을 대상으로 피싱 메일을 발송하여 계정을 해킹하는 사례가 늘어나고 있음. 관련 …

Author: BLKSMTH | S2W TALON Last Modified: Mar 17, 2023 Executive Summary We have confirmed that the Kimsuky group is distributing malware using a malicious OneNote (.ONE) file, which cybercriminals have widely used. When viewed, the ONE file displays an image of the Institute for Peace and Democracy at Korea University and…

Author: Kay Kyoung-ju Kwak | S2W TALON with ChatGPT Kay Kyoung-ju Kwak is the Head of Center for Threat Research and Intelligence, Talon at S2W. He is an advisory member of Cybersecurity Alliance operated by Ministry of Science and ICT, as well as the technical advisor of Personal Information Protection…

Author: Jiho Kim & Sebin Lee | S2W TALON Last Modified : Feb 27, 2023 Executive Summary Lumma Stealer is an info stealer malware written in C language and has been sold on underground forums since August 2022. The seller of Lumma Stealer has been actively promoting it since at least April…

Author: Daejin Lee, Seunghoe Kim, Donguk Kim, Eugene Jang Basic Information Tested OS: Windows 10 1809, 2009 x64, Windows 11 x64 Severity: Important Target module version: <1.1.19100.5(mpengine.dll) First updated version: 1.1.19100.5(mpengine.dll) This vulnerability allows remote attackers to trigger heap out-of-bounds read on default installation of Windows Defender. We tested this vulnerability with…