Info-Stealing APT Campaign Attacks South Korean Industrial Companies

It has been reported that over 200 industrial companies were affected by an info-stealing APT campaign. The victims of the advanced persistent threat (APT) group are mainly from South Korea, but the campaign has also been reported to affect firms in other countries, including Japan, Indonesia, Turkey, Germany and the United Kingdom.

 

Erich Kron, Security Awareness Advocate
InfoSec Expert
December 19, 2019 11:26 am

It’s not surprising to once again see phishing being used in this attack, as it continues to be the most effective way to spread malware, ransomware and perform financial scams. These phishing emails appear to be fairly targeted, using industry-specific topics to trick the victims into opening infected documents. In addition, the attackers are likely using publicly available information, called Open Source Intelligence (OSINT), to further refine the emails to be more effective.

Many organizations underestimate how much information is available publicly through press releases, corporate websites and sources such as LinkedIn. This information can be quickly gathered and used to make very convincing phishing emails that use relevant topics and events to convince the victims that the email is legitimate.

While a fairly simple type of malware, Separ continues to be very viable as seen here.

To defend against this threat, organizations should block outbound FTP connections where possible and monitor any connections that are required, block or inspect any incoming .ZIP files at the email server and educate employees on how to spot and report these types of phishing emails.

Last edited 2 years ago by Erich Kron
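
One way to implement the "block or inspect any incoming .ZIP files at the email server" recommendation from the comment above, as an added example that is not part of the original article or the commenter's own code. The function names, the risky-extension list, the verdict strings and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: member extensions treated as risky; tune to local policy.
RISKY_EXT = {".exe", ".scr", ".bat", ".cmd", ".vbs", ".js", ".com", ".pif"}

def inspect_zip_attachments(raw_email: bytes):
    """Return one (filename, verdict, risky_members) tuple per ZIP attachment."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or "(unnamed)"
        # Detect by content as well as by name: a renamed archive is still a ZIP.
        if not (data[:4] == b"PK\x03\x04" or name.lower().endswith(".zip")):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                infos = zf.infolist()
        except zipfile.BadZipFile:
            findings.append((name, "quarantine: unreadable archive", []))
            continue
        # Bit 0 of the general-purpose flags marks an encrypted member.
        if any(i.flag_bits & 0x1 for i in infos):
            findings.append((name, "quarantine: encrypted, cannot inspect", []))
            continue
        risky = [i.filename for i in infos
                 if any(i.filename.lower().endswith(e) for e in RISKY_EXT)]
        verdict = "quarantine: risky member" if risky else "pass to scanner"
        findings.append((name, verdict, risky))
    return findings

def build_sample() -> bytes:
    """Constructed sample: a ZIP attached under a non-.zip filename."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("tool.exe", b"constructed placeholder, not a real binary")
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="attachment.dat")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in inspect_zip_attachments(build_sample()):
        print(finding)
```

Archives that cannot be opened or are encrypted are quarantined rather than passed, since the gateway cannot see what they contain.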