◈ Executive Summary
- Impersonating policy conferences, advisory meetings, surveys, and lecture notifications
- Initial access starts with legitimate emails, using responsive spear-phishing strategies
- Uses a multistage attack chain that combines the legitimate Dropbox service with TutorialRAT
- Confirmed as an extension of APT43 group’s BabyShark threat campaign
- Preemptive identification is possible through Genian EDR’s XBA anomaly detection technology
Full Report: https://www.genians.co.kr/blog/threat_intelligence/dropbox