Info-Stealing APT Campaign Attacks South Korean Industrial Companies

It's not surprising to once again see phishing being used in this attack, as it continues to be the most effective way to spread malware, ransomware and perform financial scams. These phishing emails appear to be fairly targeted, using industry-specific topics to trick the victims into opening infected documents. In addition, the attackers are likely using publicly available information, called Open Source Intelligence (OSINT), to further refine the emails to be more effective. Many organizations underestimate how much information is available publicly through press releases, corporate websites and sources such as LinkedIn. This information can be quickly gathered and used to make very convincing phishing emails that use relevant topics and events to convince the victims that the email is legitimate. While a fairly simple type of malware, Separ continues to be very viable as seen here. To defend against this threat, organizations should block outbound FTP connections where possible and monitor any connections that are required, block or inspect any incoming .ZIP files at the email server and educate employees on how to spot and report these types of phishing emails.  Read Less