Security News > 2023 > September > New SuperBear Trojan Emerges in Targeted Phishing Attack on South Korean Activists
A new phishing attack likely targeting civil society groups in South Korea has led to the discovery of a novel remote access trojan called SuperBear.
The intrusion singled out an unnamed activist, who was contacted in late August 2023 and received a malicious LNK file from an address impersonating a member of the organization, non-profit entity Interlabs said in a new report.
Exe binary and an AutoIt script that's launched using the former.
The AutoIt script, for its part, performs process injection using a process hollowing technique, in which malicious code is inserted into a process that's in a suspended state.
The attack has been loosely pinned on a North Korean nation-state actor named Kimsuky, citing similarities with the initial attack vector and the PowerShell commands used.
Earlier this February, Interlab also revealed that North Korean nation-state actors targeted a journalist in South Korea with Android malware dubbed RambleOn as part of a social engineering campaign.
News URL
https://thehackernews.com/2023/09/new-superbear-trojan-emerges-in.html
Related news
- How to Prevent Phishing Attacks with Multi-Factor Authentication (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)