Securonix, a U.S.-based cybersecurity firm, announced on the 3rd that the North Korean hacking group ‘APT37’ is carrying out new cyberattacks against Southeast Asian countries.
APT37 has even been found to be targeting North Korea’s allies, including Cambodia.
According to Securonix, APT37 has a long history of carrying out attacks against several Southeast Asian countries in addition to South Korea.
The group attacks victims with stealthy PowerShell-based malware called ‘VeilShell’, delivered mainly through phishing emails.
The phishing emails often carry a zip file attachment containing malware, which is installed when the user opens the attachment.
The primary target of this attack appears to be Cambodia, but it could expand to other Southeast Asian countries, Securonix said.
“Attackers continue to exploit commonly trusted system tools to bypass security measures, so we must remain vigilant,” Securonix said. “This cyberattack, in particular, is likely to have started via a phishing email.”
The firm also warned, “Do not download files received via email if the sender is untrustworthy,” and “Be careful, as downloading files through external links can be dangerous.”
In particular, the firm added that because zip files were the main file type used in this attack, and even password-protected zip files can be used, extra caution is advised. (Source: VOA News)