Companies Using Zeplin Platform Targeted by Korean Hackers
2020-06-08 16:23

A Korean threat actor known as Higaisa has been employing malicious LNK files in recent attacks targeting organizations that use the Zeplin collaboration platform.

Over the past several weeks, the hackers launched multi-stage attacks that employed malicious shortcut files and resulted in the delivery of decoy PDF documents, malicious scripts, and payloads.

The archive contains two LNK files and a PDF document, all of them referencing Zeplin.

According to security researchers at Prevailion, the threat actor prepared the first attack at least one week before launch: it created a decoy PDF file on May 5, then created the additional files used in the attack.

All of the attacks appear associated with Higaisa and show the threat actor's ability to tailor its attacks based on current events: the hackers started leveraging not only the increased interest in the COVID-19 crisis, but also the increased adoption of collaboration tools to facilitate working from home during the pandemic.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/kGSQJszB-xo/companies-using-zeplin-platform-targeted-korean-hackers