Trend Micro has been monitoring a wave of spear-phishing attacks targeting the government, academic, foundation, and research sectors around the world. Based on the lure documents we observed in the wild, this is a large-scale cyberespionage campaign that began around March. After months of tracking, the seemingly wide outbreak of targeted attacks includes, but is not limited to, Myanmar, Australia, the Philippines, Japan, and Taiwan.
REFERENCES: https://www.trendmicro.com/en_us/research/22/k/earth-preta-spear-phishing-governments-worldwide.html
ADVERSARY: Earth Preta
INDUSTRY: Government
TARGETED COUNTRIES: Taiwan, Japan, Philippines, Australia, Myanmar
MALWARE FAMILIES: TONEINS, PUBLOAD, TONESHELL
ATT&CK IDS: T1583 - Acquire Infrastructure, T1587 - Develop Capabilities, T1585 - Establish Accounts, T1588 - Obtain Capabilities, T1608 - Stage Capabilities, T1192 - Spearphishing Link, T1204 - User Execution, T1547 - Boot or Logon Autostart Execution, T1574 - Hijack Execution Flow, T1053 - Scheduled Task/Job, T1140 - Deobfuscate/Decode Files or Information, T1036 - Masquerading, T1071 - Application Layer Protocol, T1573 - Encrypted Channel, T1104 - Multi-Stage Channels, T1095 - Non-Application Layer Protocol