Security News > 2023 > July > STARK#MULE Targets Koreans with U.S. Military-themed Document Lures

An ongoing cyber attack campaign has set its sights on Korean-speaking individuals by employing U.S. Military-themed document lures to trick them into running malware on compromised systems.

Cybersecurity firm Securonix is tracking the activity under the name STARK#MULE. "Based on the source and likely targets, these types of attacks are on par with past attacks stemming from typical North Korean groups such as APT37 as South Korea has historically been a primary target of the group, especially its government officials," security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a report shared with The Hacker News.

The phishing emails that act as the progenitor make use of U.S. Army recruitment messages to convince recipients into opening a ZIP archive file, which contains a shortcut file that appears under the guise of a PDF document.

The disclosure comes as APT37 has also been observed making use of CHM files in phishing emails impersonating security emails from financial institutes and insurance companies to deploy information-stealing malware and other binaries, according to the AhnLab Security Emergency Response Center.

"In particular, malware that targets specific users in Korea may include content on topics of interest to the user to encourage them to execute the malware, so users should refrain from opening emails from unknown sources and should not execute their attachments," ASEC said.

APT37 is one of the many North Korean state-sponsored groups that have drawn attention for executing attacks that are designed to perpetrate financial theft - including the recent attacks on Alphapo and CoinsPaid - and gather intelligence in pursuit of the regime's political and national security objectives.

News URL

https://thehackernews.com/2023/07/starkmule-targets-koreans-with-us.html