East Asia News

Massive phishing campaign uses 500+ domains leading to fake login pages

Large-scale phishing activity using hundreds of domains to steal credentials for Naver, a Google-like online platform in South Korea, shows infrastructure overlaps linked to the TrickBot botnet. The resources used for this attack show the sheer size of the cybercriminal effort to collect login data to be used in various attacks. Similar to Google, Naver provides a diverse set of services that range from web search to email, news, and the NAVER Knowledge iN online Q&A platform. Read more about it here.

Antlion: Chinese APT uses custom backdoor to target financial institutions in Taiwan

Chinese state-backed advanced persistent threat (APT) group Antlion has been targeting financial institutions in Taiwan in a persistent campaign over the course of at least 18 months. The attackers deployed a custom backdoor we have called xPack on compromised systems, which gave them extensive access to victim machines. The backdoor allowed the attackers to run WMI commands remotely, while there is also evidence that they leveraged EternalBlue exploits in the backdoor. Read more about it here.