September 22, 2023

Security researchers discovered a new ransomware family dubbed GwisinLocker targeting Linux-based systems in South Korea.

This campaign targets firms in the industrial and pharmaceutical space. GwisinLocker is a new malware variant created by a previously little-known threat actor called “Gwisin”.

Advertisements

While communicating with victims, the group claims to have deep knowledge of their network and claim that they exfiltrated data.

Ransom notes of GwisinLocker.Linux contained detailed internal information from the compromised environment, and encrypted files used file extensions customized to use the name of the victim company.

To pay the ransom, victims are required to log into a portal operated by the group and establish private communications channels for completing ransom payments.

Gwisin may be a North Korean-linked APT group. Since they well versed in local korean language. This threat actor may expand its campaigns to organizations in other sectors, or even outside of South Korea.

Advertisements

This research was conducted and documented by researchers from Reversing Labs

Indicators of Compromise

  • ce6036db4fee35138709f14f5cc118abf53db112
  • e85b47fdb409d4b3f7097b946205523930e0c4ab
Tags:

Leave a Reply

You may have missed

T-Mobile and Data Breach tightly coupled

September 21, 2023

Cisco Acquires Splunk in a blockbuster deal

September 21, 2023

Atlassian BitBucket and Confluence Vulnerabilities

September 21, 2023

Snatch ransomware Dissection

September 21, 2023

Fortinet Fixes Vulnerabilities in FortiOS

September 20, 2023

Trend Micro Endpoint Vulnerability – CVE-2023-41179

September 20, 2023
%d bloggers like this: