Analysis of Attack Cases Against Korean Solutions by the Andariel Group (SmallTiger)
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
The Andariel group has been targeting various South Korean software solutions, particularly asset management and document management systems. Recent attacks involve the installation of SmallTiger malware, often through exploiting vulnerabilities in outdated software versions. In asset management solution attacks, the group uses ModeLoader and SmallTiger, sometimes replacing update programs to distribute malware. They also employ keyloggers and enable RDP access for future intrusions. A new attack vector involves a Korean document management solution, where outdated Apache Tomcat servers are exploited. The attackers use system information queries, Advanced Port Scanner, and attempt to install web shells. Corporate security managers are advised to strengthen monitoring of centralized management solutions, apply security patches, and keep systems updated to prevent malware infections.
OPENCTI LABELS :
keylogger,rdp,web shell,modeloader,south korea,smalltiger,document management,asset management
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
Analysis of Attack Cases Against Korean Solutions by the Andariel Group (SmallTiger)