Cyber Threat Trends

Summary: 2025/04/19 12:23

First reported date: 2010/08/25
Inquiry period : 2025/04/18 12:23 ~ 2025/04/19 12:23 (1 days), 25 search results

지난 7일 기간대비 -12% 낮은 트렌드를 보이고 있습니다.
지난 7일 기간대비 상승한 Top5 연관 키워드는 Malware Ransomware Campaign MWNEWS Operation 입니다.
악성코드 유형 Lumma Vidar RedLine Raccoon Sodinokibi 도 새롭게 확인됩니다.
공격기술 ClickFix 도 새롭게 확인됩니다.
기타 NTLM SMA Interlock multistage Tesla 등 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
    ㆍ 2025/04/19 Alarms sound over attacks via Microsoft NTLM vulnerability
    ㆍ 2025/04/19 HHS fines Guam hospital over ransomware attack, HIPAA violations
    ㆍ 2025/04/19 Attacks involving old SonicWall SMA100 vulnerability underway

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	Attack	25	▼ -3 (-12%)
2	Malware	14	▲ 1 (7%)
3	Report	7	▼ -1 (-14%)
4	Exploit	7	- 0 (0%)
5	Ransomware	7	▲ 2 (29%)
6	Campaign	6	▲ 3 (50%)
7	target	6	▼ -2 (-33%)
8	MWNEWS	5	▲ 1 (20%)
9	Operation	5	▲ 1 (20%)
10	Vulnerability	4	▲ 1 (25%)
11	Phishing	3	▼ -1 (-33%)
12	United States	3	- 0 (0%)
13	group	3	▲ 2 (67%)
14	China	3	- 0 (0%)
15	NTLM	3	▲ new
16	SonicWall	2	▲ 2 (100%)
17	Russia	2	- 0 (0%)
18	DDoS	2	▲ 1 (50%)
19	RCE	2	▼ -3 (-150%)
20	Telegram	2	▲ 2 (100%)
21	Kaspersky	2	- 0 (0%)
22	Windows	2	- 0 (0%)
23	Recorded Future	2	▲ 2 (100%)
24	Active	2	▲ 2 (100%)
25	gang	2	▲ 2 (100%)
26	Cisco	2	▲ 2 (100%)
27	SMA	2	▲ new
28	VPN	2	▲ 1 (50%)
29	intelligence	2	▼ -1 (-50%)
30	Threat	2	▼ -1 (-50%)
31	Interlock	2	▲ new
32	Dark	2	▲ 1 (50%)
33	Trojan	2	▲ 1 (50%)
34	Remcos	2	▲ 2 (100%)
35	Software	2	▼ -1 (-50%)
36	multistage	2	▲ new
37	Microsoft	2	- 0 (0%)
38	ClickFix	2	▲ new
39	Palo Alto Networks	2	▲ 1 (50%)
40	powershell	2	▲ 2 (100%)
41	Xloader	2	▲ 2 (100%)
42	Chinese	2	▲ 1 (50%)
43	Government	2	- 0 (0%)
44	Update	2	▼ -3 (-150%)
45	Lumma	1	▲ new
46	Vidar	1	▲ new
47	DarkWeb	1	▲ 1 (100%)
48	GameoverP2P	1	▲ 1 (100%)
49	Criminal	1	▼ -1 (-100%)
50	c&c	1	- 0 (0%)
51	Stealer	1	- 0 (0%)
52	RedLine	1	▲ new
53	Cryptocurrency	1	- 0 (0%)
54	Tesla	1	▲ new
55	Raccoon	1	▲ new
56	HHS	1	▲ new
57	Agent	1	▲ 1 (100%)
58	Kali	1	▲ 1 (100%)
59	delivery	1	▲ new
60	INC	1	▲ new
61	Browser	1	- 0 (0%)
62	Resilience	1	▲ 1 (100%)
63	Food	1	▲ new
64	Ahold	1	▲ new
65	Q2	1	▲ new
66	Mar	1	▲ new
67	leak	1	▲ new
68	hash	1	▲ new
69	APT28	1	▲ 1 (100%)
70	old	1	▲ 1 (100%)
71	Kit	1	▲ new
72	road	1	▲ 1 (100%)
73	CISO	1	▲ new
74	toll	1	▲ 1 (100%)
75	Smishing	1	▲ 1 (100%)
76	Google	1	- 0 (0%)
77	North	1	▲ new
78	breach	1	- 0 (0%)
79	ransomwarerelated	1	▲ new
80	RAT	1	- 0 (0%)
81	Sodinokibi	1	▲ new
82	intrusion	1	▲ new
83	Chinalinked	1	▲ new
84	Billbug	1	▲ new
85	Delhaize	1	▲ new
86	HIPAA	1	▲ new
87	Email	1	▼ -2 (-200%)
88	Takedown	1	▲ 1 (100%)
89	Shops	1	▲ new
90	Controller	1	- 0 (0%)
91	NetWireRC	1	- 0 (0%)
92	adware	1	▲ new
93	detection	1	- 0 (0%)
94	triggered	1	▲ 1 (100%)
95	key	1	- 0 (0%)
96	incident	1	▲ 1 (100%)
97	real	1	▲ 1 (100%)
98	FBI	1	▲ 1 (100%)
99	offline	1	▲ new
100	BreachForums	1	▲ 1 (100%)

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
Ransomware		7 (33.3%)
Trojan		2 (9.5%)
Remcos		2 (9.5%)
Xloader		2 (9.5%)
Lumma		1 (4.8%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label
APT28		1 (100%)

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Exploit		7 (26.9%)
Campaign		6 (23.1%)
Phishing		3 (11.5%)
DDoS		2 (7.7%)
RCE		2 (7.7%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
United States		3 (11.5%)
China		3 (11.5%)
Russia		2 (7.7%)
Kaspersky		2 (7.7%)
Recorded Future		2 (7.7%)

Threat info

Last 5

SNS

(Total : 13)

Total keyword

attack Malware Attacker Report Ransomware ClickFix Campaign China target Exploit VPN Telegram Backdoor Supply chain RCE Chinese APT MUSTANG PANDA Cobalt Strike Xloader Remcos Palo Alto Networks powershell Software Password Android Banking Operation FBI DDoS Trojan

No	Title	Date
1	Cyber_OSINT @Cyber_O51NT BreachForums is reportedly offline again, with claims of DDoS attacks by a group called Dark Storm, though experts urge skepticism amid speculation of another FBI seizure and ongoing chaos within the forum's operations. #Cybersecurity #BreachForums https://t.co/qtORDeDoXk	2025.04.18
2	Cyber_OSINT @Cyber_O51NT On April 12, 2025, CMC Group engineers experienced the onset of Vietnam's most notable ransomware attack, as network logs revealed an unfamiliar admin account probing hidden developer subnets. #CyberSecurity #VietnamCyberAttack https://t.co/J9g2I9tBAk	2025.04.18
3	Cyber_OSINT @Cyber_O51NT A recent multi-stage malware attack utilizes .JSE and PowerShell to deliver Agent Tesla, Remcos RAT, and XLoader, as noted by Palo Alto Networks' Saqib Khanzada, who highlights attackers' tactics to evade detection and ensure payload execution. https://t.co/i7vn5wZL9L	2025.04.18
4	Cyber_OSINT @Cyber_O51NT New stats reveal Android malware attacks reached 33.3 million in 2024, with adware leading at 35% of detections, while mobile banking Trojan incidents surged by 196%, highlighting the persistent and evolving threats in 2025. #AndroidMalware #Cybersecurity https://t.co/qL1dLQYFq4	2025.04.18
5	Microsoft Threat Intelligence @MsftSecIntel Threat actors have consistently exploited critical vulnerabilities in Exchange Server and SharePoint Server that enable them to gain a persistent foothold inside the target. Such attacks have been observed to lead to remote code execution, lateral movement, and exfiltration of	2025.04.18

News

(Total : 12)

Total keyword

Attack Malware Exploit Vulnerability Operation Ransomware target Campaign Report United States Phishing Recorded Future Russia Update Cisco intelligence Microsoft Kaspersky Windows Government Smishing Sodinokibi Software RCE Email China Chinese APT28 Google Takedown Lumma VPN Palo Alto Networks NetWireRC Remcos IoT powershell Docker Trojan Linux DDoS CVE CISA Attacker Xloader Browser Cryptocurrency Kali Stealer Criminal GameoverP2P DarkWeb CVSS Telegram c&c RAT Vidar Raccoon RedLine

No	Title	Date
1	Alarms sound over attacks via Microsoft NTLM vulnerability - Malware.News	2025.04.19
2	HHS fines Guam hospital over ransomware attack, HIPAA violations - Malware.News	2025.04.19
3	Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States - The Hacker News	2025.04.19
4	Q2 2025 CISO priorities: Resilience, intelligence & impact take center stage - Malware.News	2025.04.19
5	Phishing campaigns abuse Windows NTLM hash leak bug - Malware.News	2025.04.19

Additional information

No	Title	Date
1	Tesla to Delay Production of Cheaper EVs, Reuters Reports - Bloomberg Technology	2025.04.19
2	When Vulnerability Information Flows are Vulnerable Themselves - Malware.News	2025.04.19
3	CISA warns threat hunting staff of end to Google, Censys contracts as agency cuts set in - Malware.News	2025.04.19
4	Radiology practice reportedly working with FBI after ‘data security incident’ - Malware.News	2025.04.19
5	Text scams grow to steal hundreds of millions of dollars - Malware.News	2025.04.19
View only the last 5

No	Title	Date
1	Alarms sound over attacks via Microsoft NTLM vulnerability - Malware.News	2025.04.19
2	Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States - The Hacker News	2025.04.19
3	Phishing campaigns abuse Windows NTLM hash leak bug - Malware.News	2025.04.19
4	Paradies Shops to settle ransomware-related breach for $6.9M - Malware.News	2025.04.19
5	Data breach confirmed by Ahold Delhaize after INC ransomware claims - Malware.News	2025.04.19
View only the last 5

No data

No	URL	CC	ASN Co	Reporter	Date
1	http://95.214.55.202:3306/TomcatBypass/Command/Base64/a2lsbGFsbCAtOSBwYXJhaXNvLng4Njsga2lsbGFsbCAtOS... attack shell TomcatByPass	PL	Meverywhere sp. z o.o.	abus3reports	2024.05.14
2	http://194.59.31.163:2411/TomcatBypass/Command/Base64/d2dldCAtTy0gaHR0cDovLzE5NC41OS4zMS4xNjMvbGkyLn... attack shell TomcatByPass	US		abus3reports	2024.05.14

Beta Service, If you select keyword, you can check detailed information.