Cyber News

Mon, 9 Jan 2017 Advanced Persistent Threat (APT)

APT Group Deploys Malware Against Japanese

APT

The DragonOK advanced persistent threat (APT) group has been deploying Sysget, TidePool, and IsSpace malware against Japanese users in recent months. The malware are distributed through phishing emails containing malicious attachments, and Rich Text Format (RTF) documents that exploit a Microsoft Word vulnerability to drop malicious payloads. When the malicious documents are clicked on, decoy documents that masquerade as legitimate documents are opened to minimise suspicions.

The most targeted industries in Japan include manufacturing, higher education, energy, and technology. DragonOK is also likely seeking victims in Taiwan, Tibet, and Russia.

 

References:
DragonOK Updates Toolset and Targets Multiple Geographic Regions
Unit 42 Identifies New DragonOK Backdoor Malware Deployed Against Japanese Targets


Certis CISCO Terms of Use Privacy Policy © 2017 Quann
Back to top