A new and highly active advanced persistent threat (APT) campaign, dubbed 'NaiveCopy', has been attacking stock and crypto-currency investors in South Korea, using crypto-currency-related content and warnings from law enforcement as a lure.
The infection chain involved remote template injection, which spawned a malicious macro that starts a multi-stage infection procedure using Dropbox. After beaconing the victim’s host information, the malware attempts to fetch the final stage payload.
What is unusual, Kaspersky says, is that most APT actors do not pursue financial gain.
Kaspersky also says that in the second quarter of 2022, its researchers witnessed a growing number of threat actors targeting the crypto-currency industry.
APT actors are continuously changing their tactics, sharpening their toolsets and developing new techniques, the security giant adds.
In this case, the researchers were able to acquire the final stage payload, consisting of several modules used for exfiltrating sensitive information from the victim. By analysing this, they found additional samples that had been used a year ago during another campaign against entities in Mexico and the UK.
The researchers say they do not see any precise connections to known threat actors, but they believe that the attackers are familiar with the Korean language and have utilised a tactic similar to one previously used by the Konni group to steal the login credentials for a renowned Korean portal.
The Konni group is a threat actor which has been active since mid-2021, mostly targeting Russian diplomatic entities.
Kaspersky releases a regular three-month APT trends report, which draws on its private threat intelligence research and includes major developments and cyber-incidents that researchers believe everyone should be aware of.
David Emm, principal security researcher at Kaspersky’s GReAT, says: “Over the course of several quarters, we have seen APT actors turn their attention to the crypto-currency industry. Using various techniques, the actors seek not only information, but money as well. This is an unusual, but increasing, tendency for the APT landscape. In order to combat the threats, organisations need to gain visibility across the recent cyber threat landscape. Threat intelligence is an essential component that enables reliable and timely anticipation of such attacks.”