South Korean ERP Vendor's Server Hacked to Spread Xctdoor Malware
South Korean ERP Vendor's Server Hacked to Spread Xctdoor Malware
02 July 2024
An unnamed South Korean enterprise resource planning (ERP) vendor's product update server has been found to be compromised to deliver a Go-based backdoor dubbed Xctdoor.
The AhnLab Security Intelligence Center (ASEC), which identified the attack in May 2024, did not attribute it to a known threat actor or group, but noted that the tactics overlap with that of Andariel, a sub-cluster within the