Gangnam Industrial Style: APT Campaign Targets Korean Industrial Companies – CyberX
Section 52, CyberX’s threat intelligence team, has uncovered an ongoing industrial cyberespionage campaign targeting hundreds of manufacturing and other industrial firms primarily located in South Korea. The campaign steals passwords and documents which could be used in a number of ways, including stealing trade secrets and intellectual property, performing cyber reconnaissance for future attacks, and …
Erich Kron, Security Awareness Advocate, KnowBe4:
“It’s not surprising to once again see phishing being used in this attack, as it continues to be the most effective way to spread malware, ransomware and perform financial scams. These phishing emails appear to be fairly targeted, using industry-specific topics to trick the victims into opening infected documents. In addition, the attackers are likely using publicly available information, called Open Source Intelligence (OSINT), to further refine the emails to be more effective.
Many organizations underestimate how much information is available publicly through press releases, corporate websites and sources such as LinkedIn. This information can be quickly gathered and used to make very convincing phishing emails that use relevant topics and events to convince the victims that the email is legitimate.
While a fairly simple type of malware, Separ continues to be very viable as seen here.
To defend against this threat, organizations should block outbound FTP connections where possible and monitor any connections that are required, block or inspect any incoming .ZIP files at the email server and educate employees on how to spot and report these types of phishing emails.”
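One way to implement the "inspect any incoming .ZIP files at the email server" measure from the quote above, as an added example that is not from CyberX or KnowBe4. It goes slightly beyond the quote by also matching on ZIP magic bytes, so an archive attached under another extension is still flagged. The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06")  # local file header / empty archive


def zip_attachments(raw_message: bytes) -> list[dict]:
    """Return one record per attachment that is a ZIP by name or by content."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        by_name = name.lower().endswith(".zip")
        by_magic = data.startswith(ZIP_MAGIC)
        if not (by_name or by_magic):
            continue
        members = []
        if by_magic:
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    members = zf.namelist()  # listing only, nothing is extracted
            except zipfile.BadZipFile:
                pass  # truncated or malformed archive: still reported, no listing
        findings.append({"filename": name, "by_name": by_name,
                         "by_magic": by_magic, "members": members})
    return findings


def build_sample() -> bytes:
    """Constructed message: a ZIP attached as 'rfq.pdf' plus a harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("quotation.txt", "constructed sample content")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="rfq.pdf")
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_bytes()
```

A mail filter hook could quarantine any message for which `zip_attachments` returns a non-empty list, using `members` to decide whether the archive needs deeper inspection.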