Summary: The BI.ZONE Threat Intelligence team identified a new cyber-espionage campaign linked to the North Korean group Squid Werewolf (APT37), which uses fake job offers to deliver malicious payloads. This campaign involves sophisticated phishing techniques that exploit the credibility of industrial organizations, leading to remote code execution and persistence on infected systems. Attackers deploy a series of malicious files and PowerShell commands to execute their payloads while ensuring stealth and evasion of detection mechanisms.
Affected: Various industrial organizations
Keypoints :
- Squid Werewolf (APT37) uses fake job offers to lure victims into opening malicious attachments.
- The phishing campaign included password-protected ZIP files that looked credible to enhance success rates.
- The infection chain involves executing malicious PowerShell commands, establishing persistence, and fetching additional payloads using AES encryption.
- The latest campaign shows similarities to previous operations, indicating evolving tactics and techniques for stealth and persistence.