Attacks by APT-C-60 Group Exploiting Legitimate Services

Nov. 29, 2024, 1:34 p.m.

Description

The APT-C-60 group targeted organizations in Japan and East Asia with a sophisticated attack campaign. The attack begins with a phishing email containing a Google Drive link to download a VHDX file. This file includes an LNK file that executes a downloader, which then retrieves a backdoor called SpyGrace. The attackers use legitimate services like Bitbucket and StatCounter for command and control. The malware achieves persistence through COM hijacking and employs various techniques to evade detection. The campaign likely targeted multiple East Asian countries, using similar tactics across different attacks.

Date

  • Created: Nov. 27, 2024, 6:36 p.m.
  • Published: Nov. 27, 2024, 6:36 p.m.
  • Modified: Nov. 29, 2024, 1:34 p.m.

Attack Patterns

  • SpyGrace
  • APT-C-60
  • T1021.006
  • T1547.001
  • T1113
  • T1070.004
  • T1562.001
  • T1573
  • T1218
  • T1106
  • T1082
  • T1057
  • T1105
  • T1083
  • T1071
  • T1102
  • T1204
  • T1140
  • T1027
  • T1566
  • T1059

Additional Information

  • China
  • Japan