Security News > 2021 > September > A New Wave of Malware Attack Targeting Organizations in South America
A spam campaign delivering spear-phishing emails aimed at South American organizations has retooled its techniques to include a wide range of commodity remote access trojans and geolocation filtering to avoid detection, according to new research.
Cybersecurity firm Trend Micro attributed the attacks to an advanced persistent threat tracked as APT-C-36, a suspected South America espionage group that has been active since at least 2018 and previously known for setting its sights on Colombian government institutions and corporations spanning financial, petroleum, and manufacturing sectors.
Primarily spread via fraudulent emails by masquerading as Colombian government agencies, such as the National Directorate of Taxes and Customs, the infection chain commences when the message recipients open a decoy PDF or Word document that claims to be a seizure order tied to their bank accounts and click on a link that's been generated from a URL shortener service like cort.
"These URL shorteners are capable of geographical targeting, so if a user from a country not targeted by the threat actors clicks on the link, they will be redirected to a legitimate website," Trend Micro researchers detailed in a report published last week.
"The URL shorteners also have the ability to detect the major VPN services, in which case, the shortened link leads the users to a legitimate website instead of redirecting them to the malicious link."
"APT-C-36 selects their targets based on location and most likely the financial standing of the email recipient," the researchers said.
News URL
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)