Attacks by APT-C-60 Group Exploiting Legitimate Services
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
The APT-C-60 group targeted organizations in Japan and East Asia with a sophisticated attack campaign. The attack begins with a phishing email containing a Google Drive link to download a VHDX file. This file includes an LNK file that executes a downloader, which then retrieves a backdoor called SpyGrace. The attackers use legitimate services like Bitbucket and StatCounter for command and control. The malware achieves persistence through COM hijacking and employs various techniques to evade detection. The campaign likely targeted multiple East Asian countries, using similar tactics across different attacks.
OPENCTI LABELS:
phishing, downloader, lnk, com hijacking, bitbucket, statcounter, east asia, vhdx, spygrace
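DETECTION EXAMPLE (added here, not part of the original report or of OpenCTI):
The Python below flags hosts that show at least two of three behaviours named in the summary: an LNK started from a mounted VHDX, a per-user COM class registration, and non-browser traffic to Bitbucket or StatCounter. The event schema, field names, browser allow-list and sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Per-user COM class registration: HKCU\Software\Classes\CLSID\{guid}\InprocServer32.
# Some sensors report the same hive as HKU\<SID>_Classes, so both forms are accepted.
COM_KEY = re.compile(
    r"^(HKCU|HKU\\[^\\]+?)(\\Software\\Classes|_Classes)"
    r"\\CLSID\\\{[0-9a-f-]{36}\}\\InprocServer32", re.I)
SERVICES = ("bitbucket.org", "statcounter.com")         # services named in the summary
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}  # assumed allow-list

def classify(ev):
    """Return the behaviour from the summary that one event matches, or None."""
    if ev["kind"] == "process":
        # Shortcut launched from a volume backed by a mounted VHDX image
        if ev["launcher"].lower().endswith(".lnk") and ev["volume_source"].lower().endswith(".vhdx"):
            return "lnk_from_vhdx"
    elif ev["kind"] == "registry":
        if COM_KEY.match(ev["key"]):
            return "user_com_registration"
    elif ev["kind"] == "network":
        host = ev["dest"].lower().rstrip(".")
        known = any(host == s or host.endswith("." + s) for s in SERVICES)
        if known and ev["image"].lower() not in BROWSERS:
            return "non_browser_service_traffic"
    return None

def correlate(events, threshold=2):
    """Map each host to its distinct behaviours when it shows at least `threshold`."""
    seen = defaultdict(set)
    for ev in events:
        sig = classify(ev)
        if sig:
            seen[ev["host"]].add(sig)
    return {h: sorted(s) for h, s in seen.items() if len(s) >= threshold}

# Constructed sample telemetry; field names and values are illustrative only.
EVENTS = [
    {"host": "ws01", "kind": "process", "launcher": r"E:\Readme.lnk", "volume_source": r"C:\Users\a\Downloads\doc.vhdx"},
    {"host": "ws01", "kind": "registry", "key": r"HKU\S-1-5-21-1-2-3-1001_Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32"},
    {"host": "ws01", "kind": "network", "image": "svc.exe", "dest": "www.statcounter.com"},
    {"host": "ws02", "kind": "network", "image": "chrome.exe", "dest": "bitbucket.org"},
    {"host": "ws03", "kind": "registry", "key": r"HKLM\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000002}\InprocServer32"},
]

if __name__ == "__main__":
    for host, hits in correlate(EVENTS).items():
        print(host, hits)
```

Each signal alone is common in benign activity (developers reach Bitbucket, installers register per-user COM classes), which is why the example reports only hosts where several coincide.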