An advanced threat actor, nicknamed Gangnam Industrial Style, targeted hundreds of industrial companies across the globe, using a new version of an old info-stealer to extract sensitive data. The spear-phishing campaign uses malicious attachments disguised as PDF files, which drop Separ malware when clicked. Separ malware steals login data from browsers and email clients. The campaign has already compromised at least 200 systems, 60% of which are based in South Korea and consist of manufacturers, an engineering company, and a chemical plant construction company.
Researchers from CyberX’s threat intelligence team discovered that systems have been compromised across Asia and Europe, including Thailand, China, Japan, Indonesia, Turkey, Ecuador, Germany, and the UK. The malicious emails are composed specifically for the recipient, and in one case, the attacker posed as an employee of a subsidiary making a request for a quote for designing a power plant in the Czech Republic, including a diagram and technical paper on how to run the plant.
Read More: Industrial Cyber-Espionage Campaign Targets Hundreds of Companies