Attacks by APT-C-60 Group Exploiting Legitimate Services

Nov. 29, 2024, 1:34 p.m.

Description

The APT-C-60 group targeted organizations in Japan and East Asia with a sophisticated attack campaign. The attack begins with a phishing email containing a Google Drive link to download a VHDX file. This file includes an LNK file that executes a downloader, which then retrieves a backdoor called SpyGrace. The attackers use legitimate services like Bitbucket and StatCounter for command and control. The malware achieves persistence through COM hijacking and employs various techniques to evade detection. The campaign likely targeted multiple East Asian countries, using similar tactics across different attacks.

Date

Published: Nov. 27, 2024, 6:36 p.m.

Created: Nov. 27, 2024, 6:36 p.m.

Modified: Nov. 29, 2024, 1:34 p.m.

Attack Patterns

SpyGrace

APT-C-60

T1021.006

T1547.001

T1113

T1070.004

T1562.001

T1573

T1218

T1106

T1082

T1057

T1105

T1083

T1071

T1102

T1204

T1140

T1027

T1566

T1059

Additional Information

China

Japan