New SuperBear Trojan Emerges in Targeted Phishing Attack on South Korean Activists

A new phishing attack likely targeting civil society groups in South Korea has led to the discovery of a novel remote access trojan called SuperBear.
The intrusion singled out an unnamed activist, who was contacted in late August 2023 and received a malicious LNK file from an address impersonating a member of the organization, non-profit entity Interlab said in a new report.
Exe binary and an AutoIt script that's launched using the former.
The AutoIt script, for its part, performs process injection using a process hollowing technique, in which malicious code is inserted into a process that's in a suspended state.
The attack has been loosely pinned on a North Korean nation-state actor named Kimsuky, citing similarities with the initial attack vector and the PowerShell commands used.
Earlier this February, Interlab also revealed that North Korean nation-state actors targeted a journalist in South Korea with Android malware dubbed RambleOn as part of a social engineering campaign.
News URL
https://thehackernews.com/2023/09/new-superbear-trojan-emerges-in.html