Info-Stealing APT Campaign Attacks South Korean Industrial Companies

It has been reported that over 200 industrial companies were affected by an info-stealing APT campaign. The victims of the advanced persistent threat (APT) group are mainly in South Korea, but the campaign has also been reported to affect firms in other countries, including Japan, Indonesia, Turkey, Germany and the United Kingdom.

 

Experts Comments

December 19, 2019
Erich Kron
Security Awareness Advocate
KnowBe4
It's not surprising to once again see phishing being used in this attack, as it continues to be the most effective way to spread malware, ransomware and perform financial scams. These phishing emails appear to be fairly targeted, using industry-specific topics to trick the victims into opening infected documents. In addition, the attackers are likely using publicly available information, called Open Source Intelligence (OSINT), to further refine the emails to be more effective. Many organizations underestimate how much information is available publicly through press releases, corporate websites and sources such as LinkedIn. This information can be quickly gathered and used to make very convincing phishing emails that use relevant topics and events to convince the victims that the email is legitimate. While a fairly simple type of malware, Separ continues to be very viable as seen here. To defend against this threat, organizations should block outbound FTP connections where possible and monitor any connections that are required, block or inspect any incoming .ZIP files at the email server and educate employees on how to spot and report these types of phishing emails.