Cyber Threat Trends

Summary: 2025/05/04 09:42

First reported date: 2010/11/26
Inquiry period : 2025/04/04 09:42 ~ 2025/05/04 09:42 (1 months), 85 search results

전 기간대비 -15% 낮은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 target Linux RCE hijack Distribution 입니다.
악성코드 유형 BPFDoor TONESHELL XMRig 도 새롭게 확인됩니다.
공격자 Red Menshen 도 새롭게 확인됩니다.
공격기술 Spear Phishing Hijacking 도 새롭게 확인됩니다.
기관 및 기업 Egypt Zscaler 도 새롭게 확인됩니다.
기타 MUSTANG PANDA Controller 사용 Mustang ML 등 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
    ㆍ 2025/05/03 Venom Spider Uses Server-Side Polymorphism to Weave a Web Around Victims
    ㆍ 2025/05/02 SKT 해킹 배후에 중국 그림자?.. 악명 떨치는 중국계 해킹 조직들
    ㆍ 2025/05/01 Detailed Analysis of BPFDoor targeting South Korean Company

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	Backdoor	85	▼ -13 (-15%)
2	Malware	42	▼ -17 (-40%)
3	target	30	▲ 4 (13%)
4	Campaign	25	▼ -11 (-44%)
5	Update	24	▼ -2 (-8%)
6	attack	21	▼ -11 (-52%)
7	Report	21	▼ -5 (-24%)
8	Exploit	16	▼ -14 (-88%)
9	Linux	15	▲ 9 (60%)
10	China	15	▼ -8 (-53%)
11	Advertising	15	▼ -3 (-20%)
12	Vulnerability	14	▼ -10 (-71%)
13	United States	14	▼ -6 (-43%)
14	Software	13	- 0 (0%)
15	Kaspersky	12	▼ -3 (-25%)
16	Victim	12	▼ -4 (-33%)
17	Phishing	12	▼ -6 (-50%)
18	RCE	12	▲ 11 (92%)
19	intelligence	11	▼ -9 (-82%)
20	Windows	11	▼ -11 (-100%)
21	c&c	11	▼ -3 (-27%)
22	Microsoft	10	▼ -1 (-10%)
23	hijack	10	▲ 5 (50%)
24	Distribution	9	▲ 1 (11%)
25	Government	9	▼ -6 (-67%)
26	BPFDoor	8	▲ new
27	Russia	8	▼ -5 (-63%)
28	South Korea	8	▲ 7 (88%)
29	hacking	8	- 0 (0%)
30	IoC	7	▼ -9 (-129%)
31	Operation	7	▼ -2 (-29%)
32	EDR	7	▲ 2 (29%)
33	ZeroDay	7	▼ -4 (-57%)
34	Cobalt Strike	7	▼ -2 (-29%)
35	Trojan	6	▼ -5 (-83%)
36	GitHub	6	▼ -3 (-50%)
37	Supply chain	6	▼ -4 (-67%)
38	TONESHELL	5	▲ new
39	Hong Kong	5	▲ 3 (60%)
40	GameoverP2P	5	▲ 1 (20%)
41	MUSTANG PANDA	5	▲ new
42	Taiwan	5	▲ 1 (20%)
43	Cryptocurrency Miner	5	▲ 3 (60%)
44	Email	5	▼ -10 (-200%)
45	iot	5	▲ 4 (80%)
46	MWNEWS	4	▲ 2 (50%)
47	Twitter	4	▼ -1 (-25%)
48	Egypt	4	▲ new
49	Threat	4	▼ -3 (-75%)
50	powershell	4	▼ -4 (-100%)
51	RAT	4	▲ 1 (25%)
52	Lazarus	4	▲ 3 (75%)
53	file	4	- 0 (0%)
54	Iran	4	▲ 3 (75%)
55	Apple	4	▼ -2 (-50%)
56	Fortinet	4	▲ 3 (75%)
57	NetWireRC	4	▼ -4 (-100%)
58	Trend Micro	4	▲ 3 (75%)
59	Education	4	▼ -5 (-125%)
60	CISA	4	▼ -7 (-175%)
61	Zscaler	4	▲ new
62	Telegram	3	- 0 (0%)
63	Controller	3	▲ new
64	npm	3	▲ 2 (67%)
65	DDoS	3	- 0 (0%)
66	XMRig	3	▲ new
67	사용	3	▲ new
68	Spear Phishing	3	▲ new
69	RSA Conference	3	- 0 (0%)
70	Stealer	3	▼ -6 (-200%)
71	Cisco	3	▼ -4 (-133%)
72	Red Menshen	3	▲ new
73	MFA	3	- 0 (0%)
74	Mustang	3	▲ new
75	AI	3	- 0 (0%)
76	WordPress	3	▼ -1 (-33%)
77	plugin	3	▲ 1 (33%)
78	Chinese	3	▼ -4 (-133%)
79	access	3	▲ 1 (33%)
80	Hijacking	3	▲ new
81	Europe	3	▼ -3 (-100%)
82	LinkedIn	3	▼ -1 (-33%)
83	Cryptocurrency	3	▲ 1 (33%)
84	North Korea	3	▼ -1 (-33%)
85	Google	3	▼ -4 (-133%)
86	Yes	3	▲ 2 (67%)
87	mattress	3	▲ 2 (67%)
88	smart	3	- 0 (0%)
89	공격	3	▲ 2 (67%)
90	tech	3	▲ 2 (67%)
91	iotsecurity	3	▲ 2 (67%)
92	researcher	3	▲ 2 (67%)
93	Java	3	▼ -6 (-200%)
94	model	2	▲ 1 (50%)
95	ML	2	▲ new
96	chain	2	▲ 1 (50%)
97	Supply	2	▲ 1 (50%)
98	PebbleDash	2	▲ new
99	Micros	2	▲ new
100	Trend	2	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
BPFDoor		8 (14.3%)
Trojan		6 (10.7%)
TONESHELL		5 (8.9%)
GameoverP2P		5 (8.9%)
Cryptocurrency Miner		5 (8.9%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label
Lazarus		4 (57.1%)
Red Menshen		3 (42.9%)

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Backdoor		85 (45%)
Campaign		25 (13.2%)
Exploit		16 (8.5%)
Phishing		12 (6.3%)
RCE		12 (6.3%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
China		15 (11.1%)
United States		14 (10.4%)
Kaspersky		12 (8.9%)
Microsoft		10 (7.4%)
Government		9 (6.7%)

Threat info

Last 5

SNS

(Total : 39)

Total keyword

Backdoor target attack Update Malware Campaign China Phishing Fortinet Kaspersky Exploit iot Linux Trend Micro Cryptocurrency Miner Supply chain c&c RCE XMRig Telegram Russia apt Stealer Attacker hijack Victim BPFDoor Iran Chinese United States WordPress Japan Government Iranian CACTUS SocGholish plugin Email Cisco FakeCaptcha Lumma Botnet Trojan ...

No	Title	Date
1	The Hacker News @TheHackersNews ???? Two years inside. Nation-state footprints. Critical infrastructure targeted. Fortinet links Iranian APT Lemon Sandstorm to a stealthy attack on a Middle East CNI (May '23–Feb '25). Used VPN exploits, chained proxies, 7 custom backdoors across 4 phases. Read this story ➡️ https://t.co/9QOUlV5C	2025.05.03
2	Virus Bulletin @virusbtn Trend Micro's Hara Hiroaki outlines recent modifications observed in Earth Kasha’s TTPs in its latest campaign, detected in March 2025, targeting Taiwan & Japan. The attack begins with a spear-phishing email that leads to a new version of the ANEL backdoor https://t.co/uPzsBAhS9A https://t.co/RZ	2025.05.02
3	Cybernews @CyberNews Mozilla has launched an online petition calling on governments to protect and secure personal information and privacy by rejecting encryption backdoors. #Mozilla #petition #government #privacy #encryption https://t.co/sjagM0Bf6Z	2025.05.02
4	Virus Bulletin @virusbtn Trustwave researchers observed a notable increase in NodeJS-based backdoor deployments across multiple malware campaigns, including KongTuke, Fake CAPTCHA schemes, Mispadu, and Lumma stealers. https://t.co/GdOaemuReO https://t.co/5ekJi09tCs	2025.05.01
5	Threat Intelligence @threatintel #ThreatProtection Trojanized Uyghur text editor used to spy on World Uyghur Congress via spoofed C2 domains. Read more about Symantec's protection: https://t.co/dhBDRSplRX #WUC #Backdoor #Phishing	2025.05.01

News

(Total : 46)

Total keyword

Backdoor Malware target Report Campaign Update Attacker Vulnerability attack Advertising Exploit Software United States Linux intelligence Victim RCE China Windows Microsoft c&c Distribution Kaspersky Phishing Government hijack hacking EDR Operation South Korea ZeroDay GitHub IoC Cobalt Strike Russia BPFDoor GameoverP2P Trojan TONESHELL Hong Kong MUSTANG PANDA Email CISA Taiwan powershell Lazarus Education Twitter Supply chain RAT Europe MFA Google DDoS Egypt Cryptocurrency Miner LinkedIn NetWireRC Red Menshen Apple North Korea Zscaler RSA Conference Java Cryptocurrency GraphicalNeutrino Social Engineering CVSS plugin Hijacking France keylogger Trend Micro ClickFix IoT CoreDN UNIX DYEPACK WordPress Spear Phishing 악성코드 United Kingdom DarkWeb IcedID ChatGPT schtasks Ransomware 백도어 ...

No	Title	Date
1	Venom Spider Uses Server-Side Polymorphism to Weave a Web Around Victims - Malware.News	2025.05.03
2	SKT 해킹 배후에 중국 그림자?.. 악명 떨치는 중국계 해킹 조직들 - 시큐리티팩트	2025.05.02
3	Detailed Analysis of BPFDoor targeting South Korean Company - Malware.News	2025.05.01
4	잉카인터넷, SK텔레콤 공격에 사용된 ‘BPFDoor' 대응 전용 백신 무료 제공 - 데일리시큐	2025.04.30
5	중국의 '은밀한 위협', 전기차 배터리가 스파이웨어로? - 시큐리티팩트	2025.04.30

Additional information

No	Title	Date
1	틱톡, 유럽 사용자 데이터 중국 전송.. 8000억대 벌금 - 시큐리티팩트	2025.05.03
2	Saskatoon children’s hospital nurse unlawfully snooped on records of 314 patients: privacy report - Malware.News	2025.05.03
3	Dating app Raw exposed users’ location data and personal information - Malware.News	2025.05.03
4	Hacker hired Telangana man to courier threats to Star Health Insurance MD - Malware.News	2025.05.03
5	Acadian Ambulance Seeks Dismissal of Data Breach Lawsuit - Malware.News	2025.05.03
View only the last 5

No	Title	Date
1	SKT 해킹 배후에 중국 그림자?.. 악명 떨치는 중국계 해킹 조직들 - 시큐리티팩트	2025.05.02
2	SKT 해킹 배후에 중국 그림자?.. 악명 떨치는 중국계 해킹 조직들 - 시큐리티팩트	2025.05.02
3	Detailed Analysis of BPFDoor targeting South Korean Company - Malware.News	2025.05.01
4	Detailed Analysis of BPFDoor targeting South Korean Company - Malware.News	2025.05.01
5	Detailed Analysis of BPFDoor targeting South Korean Company - Malware.News	2025.05.01
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	eDeposit.exe njRAT backdoor Generic Malware Antivirus Malicious Library UPX PE File CAB OS Name Check MSOffice File PE32 OS Processor Check DLL	813662b01fff61c575ccc142d2c93393	60304	2025.05.01
2	Swift_copy.exe njRAT backdoor Generic Malware Antivirus Malicious Library UPX PE File CAB OS Name Check MSOffice File PE32 OS Processor Check DLL	178ee1ee6d9b7cd6c0f7233c144f423f	60290	2025.04.30
3	file4.exe njRAT backdoor AsyncRAT Generic Malware task schedule Downloader Admin Tool (Sysinternals etc ...) .NET framework(MSIL) Malicious Packer ASPack Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS S	e08bd789d9f45b08fe924d94b955d869	60270	2025.04.29
4	sdc.exe njRAT backdoor Generic Malware PE File .NET EXE PE32	7020cfffa61029750dd0bfb5f347fc35	60278	2025.04.29
5	PropertyFiles_2025-04-21.exe njRAT backdoor Generic Malware Antivirus Malicious Library UPX PE File CAB OS Name Check MSOffice File PE32 OS Processor Check DLL	b4f9c6f50cc331920c86a36e83e6b9f6	59888	2025.04.24
View only the last 5

Level	Description
warning	File has been identified by 24 AntiVirus engines on VirusTotal as malicious
watch	Creates known Upatre files
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice	Creates executable files on the filesystem
notice	Drops an executable to the user AppData folder
notice	One or more potentially interesting buffers were extracted
notice	Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation
notice	The binary likely contains encrypted or compressed data indicative of a packer
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger
info	Queries for the computername
info	The file contains an unknown PE resource name possibly indicative of a packer
info	This executable has a PDB path
info	Uses Windows APIs to generate a cryptographic key

No data

No	URL	CC	ASN Co	Reporter	Date
1	http://92.41.52.166:8083/sshd backdoor censys elf sshdkit	GB	Three	DaveLikesMalwre	2025.05.04
2	http://134.35.31.210:8080/sshd backdoor censys elf sshdkit	YE	...	DaveLikesMalwre	2025.05.04
3	http://120.61.29.97:2000/sshd backdoor censys elf sshdkit	IN	...	DaveLikesMalwre	2025.05.04
4	http://59.182.123.229:2000/sshd backdoor censys elf sshdkit	IN		DaveLikesMalwre	2025.05.04
5	http://86.150.68.246:82/sshd backdoor censys elf sshdkit	GB	British Telecommunications PLC	DaveLikesMalwre	2025.05.04
View only the last 5

Beta Service, If you select keyword, you can check detailed information.