popup

Cyber Threat Trends

  1. Day Week

conference CrowdStrike 북한

Summary: 2025/04/17 13:21

First reported date: 2011/08/17
Inquiry period : 2025/03/18 13:21 ~ 2025/04/17 13:21 (1 months), 48 search results

전 기간대비 52% 높은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 plugin WordPress Malware Exploit Update 입니다.
공격기술 RCE hijack Social Engineering ClickFix apt 도 새롭게 확인됩니다.
기관 및 기업 Microsoft ESET Oracle dprk Amazon 도 새롭게 확인됩니다.
기타 directory securityaffairs Device OttoKit detection 등 신규 키워드도 확인됩니다.

 * 최근 뉴스기사 Top3:
    ㆍ 2025/04/17 6,000 WordPress Sites Affected by Arbitrary File Move Vulnerability in Drag and Drop Multiple File Upload for WooCommerce WordPress Plugin
    ㆍ 2025/04/11 Immediate exploitation of high-severity WordPress plugin flaw reported
    ㆍ 2025/04/11 OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation

Trend graph by period


Related keyword cloud
Top 100
# Trend Count Comparison
1plugin 48 ▲ 25 (52%)
2WordPress 27 ▲ 21 (78%)
3Malware 22 ▲ 9 (41%)
4Exploit 16 ▲ 9 (56%)
5Update 13 ▲ 5 (38%)
6Vulnerability 11 ▲ 5 (45%)
7Report 11 ▲ 7 (64%)
8target 10 ▲ 3 (30%)
9Remote Code Execution 7 ▼ -3 (-43%)
10intelligence 7 ▲ 2 (29%)
11directory 6 ▲ new
12attack 6 ▲ 1 (17%)
13hacking 5 ▲ 4 (80%)
14Advertising 5 ▼ -2 (-40%)
15securityaffairs 5 ▲ new
16CVSS 5 ▲ 3 (60%)
17United States 5 ▼ -1 (-20%)
18Wordfence 5 ▲ 3 (60%)
19Device 4 ▲ new
20OttoKit 4 ▲ new
21detection 4 ▲ new
22Custom 4 ▲ new
23RCE 3 ▲ new
24code 3 - 0 (0%)
25httpstcoK 3 ▲ new
26GitHub 3 ▲ 2 (67%)
27Defender 3 ▲ new
28Campaign 3 - 0 (0%)
29Hidden 3 ▲ new
30Microsoft 3 ▲ new
31c&c 3 - 0 (0%)
32Operation 3 - 0 (0%)
33MuPlugins 3 ▲ new
34Threat 2 ▲ new
35littleknown 2 ▲ new
36file 2 - 0 (0%)
37Copilot 2 ▲ new
38ESET 2 ▲ new
39access 2 ▲ 1 (50%)
40Phishing 2 - 0 (0%)
41hijack 2 ▲ new
42Spain 2 ▲ 1 (50%)
43Password 2 - 0 (0%)
44malicious 2 ▲ 1 (50%)
45Backdoor 2 ▼ -1 (-50%)
46Discord 2 ▲ 1 (50%)
47IoC 2 - 0 (0%)
48Software 2 ▼ -7 (-350%)
49CVE 2 ▲ new
50Plugins 2 ▲ 1 (50%)
51admin 2 ▲ new
52secure 2 ▲ new
53Linux 2 ▲ new
54Education 2 ▼ -1 (-50%)
55Windows 2 ▲ 1 (50%)
56Amazons 1 ▲ new
57flaw 1 ▲ new
58SSM 1 ▲ new
59AWS 1 ▲ new
60자금 1 ▲ new
61North Korea 1 - 0 (0%)
62WhatsApp 1 ▲ new
63자료 1 ▲ new
64해명 1 ▲ new
65account 1 ▲ new
66sherrodim 1 ▲ new
67출처 1 ▲ new
68go2kgstancomlayoutspluginsuserhurryuprvbearampzabattle0 1 ▲ new
69미신 1 ▲ new
70Oracle 1 ▲ new
71Automator 1 ▲ new
72Uncanny 1 ▲ new
73March 1 ▲ new
74Browser 1 - 0 (0%)
75Social Engineering 1 ▲ new
76QR 1 ▲ new
77VPN 1 ▲ new
78dprk 1 ▲ new
79Supply chain 1 - 0 (0%)
80ClickFix 1 ▲ new
81Weekly 1 ▲ new
82Recap 1 ▲ new
83Exploits 1 ▲ new
84Agent 1 ▲ new
85apt 1 ▲ new
86Membership 1 ▲ new
87Amazon 1 ▲ new
88blog 1 ▲ new
89LearnPress 1 ▲ new
90SureTriggers 1 ▲ new
91Artikel 1 ▲ new
92such 1 ▲ new
93critical 1 ▲ new
94ALERT 1 ▲ new
95exploitation 1 ▲ new
96Investigation 1 ▲ new
97Immediate 1 ▲ new
98highseverity 1 ▲ new
99realworld 1 ▲ new
100case 1 ▲ new
Special keyword group
Top 5
Malware Type
Malware Type

This is the type of malware that is becoming an issue.

Keyword Average Label
Emotet
1 (100%)
Attacker & Actors
Attacker & Actors

The status of the attacker or attack group being issued.

Keyword Average Label
Attack technique
Technique

This is an attack technique that is becoming an issue.

Keyword Average Label
Exploit
16 (36.4%)
Remote Code Execution
7 (15.9%)
hacking
5 (11.4%)
RCE
3 (6.8%)
Campaign
3 (6.8%)
Country & Company
Country & Company

This is a country or company that is an issue.

Keyword Average Label
United States
5 (25%)
Microsoft
3 (15%)
ESET
2 (10%)
Spain
2 (10%)
North Korea
1 (5%)
Threat info
Last 5

SNS

(Total : 26)
  Total keyword

plugin WordPress Malware Exploit hacking Update Vulnerability Report CVE Attacker Microsoft attack Phishing payment Browser WhatsApp Spain RCE Remote Code Execution hijack Software Amazon Campaign apt North Korea dprk target

No Title Date
1Microsoft Threat Intelligence @MsftSecIntel
@sherrod_im However, the QR code is used by WhatsApp to connect an account to a linked device and/or the WhatsApp Web portal. If the target follows the instructions on the page, the threat actor could gain access to messages in their WhatsApp account & exfiltrate data using browser plugins.		2025.04.16
2Cyber_OSINT @Cyber_O51NT
Threat actors are exploiting a serious vulnerability in the OttoKit WordPress plugin, allowing them to create admin accounts and take over sites; immediate updates to version 1.0.79 are urged to mitigate the risk. #WordPress #Security https://t.co/TucrhGd4lz		2025.04.13
3Dark Web Informer - Cyber Threat Intelligence @DarkWebInformer
???????????? Alleged Compromised Shop Access – Spain A threat actor is allegedly auctioning access to a Spanish eCommerce site with active Stripe payment iframe. ???? WP Admin access (plugin enabled) ???? Stripe iframe integrated ???? 150+ carded orders in 13 days (April) ???? PPS: 24 ???? https:		2025.04.13
4Pierluigi Paganini - Security Affairs @securityaffairs
@patchstackapp @wordfence Attackers are exploiting recently disclosed #OttoKit #WordPress plugin flaw https://t.co/1JnCAiq4zP #securityaffairs #hacking		2025.04.12
5The Hacker News @TheHackersNews
ALERT — A critical OttoKit plugin flaw (CVE-2025-3102) is under active attack: 100K+ WordPress sites at risk. Hackers can create admin accounts and fully take over vulnerable sites. Check admin users → Remove any suspicious accounts. ???? Full details: https://t.co/IG8hKf1que https://t.co/XN2SzDe		2025.04.11

News

(Total : 22)
  Total keyword

plugin Malware WordPress Exploit target Report Update Attacker Vulnerability intelligence Remote Code Execution CVSS United States Advertising attack Operation c&c GitHub Password RCE Backdoor IoC Education Discord ESET Windows Linux Campaign Microsoft VMware Blue Team Spain Red Team Emotet OSINT Email Phishing ChatGPT Criminal Japan China ClickFix Software Supply chain VPN Oracle Social Engineering Webshell Cloudflare hijack Firmware CISA Forensics ...

No Title Date
16,000 WordPress Sites Affected by Arbitrary File Move Vulnerability in Drag and Drop Multiple File Upload for WooCommerce WordPress Plugin - Malware.News2025.04.17
2Immediate exploitation of high-severity WordPress plugin flaw reported - Malware.News2025.04.11
3OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation - The Hacker News2025.04.11
4[webapps] LearnPress WordPress LMS Plugin 4.2.7 - SQL Injection - Exploit-DB.com2025.04.11
5100,000 WordPress Sites Affected by Administrative User Creation Vulnerability in SureTriggers WordPress Plugin - Malware.News2025.04.10

Additional information

No data
No data
No data
No URL CC ASN Co Reporter Date
1http://94.140.114.21/vc32.tar
Gozi plugin ursnif ursnif related 		LV LVSia Nano ITJAMESWT_MHT2023.09.28
2http://94.140.114.21/vc64.tar
Gozi plugin ursnif ursnif related 		LV LVSia Nano ITJAMESWT_MHT2023.09.28
3http://94.140.112.19/sk32.jpg
Gozi ISFB plugin ursnif 		LV LVJAMESWT_MHT2023.09.27
4http://94.140.112.19/sk64.jpg
Gozi ISFB plugin ursnif 		LV LVJAMESWT_MHT2023.09.27
5http://94.247.42.213/stilak64.rar
Gozi ISFB plugin ursnif 		DE DEmeerfarbig GmbH & Co. KGabuse_ch2023.07.28
View only the last 5
Beta Service, If you select keyword, you can check detailed information.