The marketing campaign focused South Korea and Japan
Primarily based on the evaluation of the marketing campaign infrastructure, menace actors have been attacking South Korea, the US, China, Japan, Germany, Singapore, South Africa, the Netherlands, Mexico, Vietnam, Belgium, the UK, Canada, Thailand, and Poland.
Nonetheless, AhnLab researchers have been solely in a position to retrieve samples of phishing emails despatched to South Korea and Japan. “These menace actors have been attacking South Korea’s software program, power, and monetary industries since October 2023,” the researchers mentioned.
As indicators of compromise (IOCs), the researchers shared a listing of hash capabilities (MD5), URLs, and domains (FQDN) that security groups can set detection alerts for.