Larva-24010Larva-24010

Also known as: Larva-24010

Known aliases
1

Profile

The Larva-24010 threat actor is distributing malware through the website of a Korean VPN service provider. As a result, when a user downloads and runs the installer from the VPN website, malware can be installed on the system. Since at least 2023, the Larva-24010 threat actor has been targeting Korean VPN users to spread malware, ultimately installing various backdoors such as MeshAgent, gs-netcat, and NKNShell. Through this, the attacker can control infected systems where the VPN is installed and steal sensitive information stored on those systems.

Aliases· 1

Larva-24010

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
Larva-24005
Actor
Larva‑25012
Actor
Larva-208
Actor
Larva-26002
Actor
TA406
Actor
UNC2630
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.