Attacks by APT-C-60 Group Exploiting Legitimate Services
Nov. 29, 2024, 1:34 p.m.
Description
The APT-C-60 group targeted organizations in Japan and East Asia with a sophisticated attack campaign. The attack begins with a phishing email containing a Google Drive link to download a VHDX file. This file includes an LNK file that executes a downloader, which then retrieves a backdoor called SpyGrace. The attackers use legitimate services like Bitbucket and StatCounter for command and control. The malware achieves persistence through COM hijacking and employs various techniques to evade detection. The campaign likely targeted multiple East Asian countries, using similar tactics across different attacks.
Date
Published: Nov. 27, 2024, 6:36 p.m.
Created: Nov. 27, 2024, 6:36 p.m.
Modified: Nov. 29, 2024, 1:34 p.m.
Attack Patterns
SpyGrace
APT-C-60
T1021.006
T1547.001
T1113
T1070.004
T1562.001
T1573
T1218
T1106
T1082
T1057
T1105
T1083
T1071
T1102
T1204
T1140
T1027
T1566
T1059
Additional Information
China
Japan