New SuperBear Trojan Emerges in Targeted Phishing Attack on South Korean Activists
A new phishing attack likely targeting civil society groups in South Korea has led to the discovery of a novel remote access trojan called SuperBear.
The intrusion singled out an unnamed activist, who was contacted in late August 2023 and received a malicious LNK file from an address impersonating a member of the organization, non-profit entity Interlab said in a new report.
Exe binary and an AutoIt script that's launched using the former.
The AutoIt script, for its part, performs process injection using a process hollowing technique, in which malicious code is inserted into a process that's in a suspended state.
The attack has been loosely pinned on a North Korean nation-state actor named Kimsuky, citing similarities with the initial attack vector and the PowerShell commands used.
Earlier this February, Interlab also revealed that North Korean nation-state actors targeted a journalist in South Korea with Android malware dubbed RambleOn as part of a social engineering campaign.
News URL
https://thehackernews.com/2023/09/new-superbear-trojan-emerges-in.html