WordPress Sites Abused in Aggah Spear-Phishing Campaign - silversurfer - 13 August 21
Quote: Threat actors are using compromised WordPress websites to target manufacturers across Asia with a new spear-phishing campaign that delivers the Warzone RAT, a commodity infostealer available widely for purchase on criminal forums, researchers have found.
The threat group Aggah, believed to be affiliated with Pakistan and first identified in March 2019, is delivering the RAT in a campaign aimed at spreading malware to manufacturing companies in Taiwan and South Korea, according to new research from threat detection and response security firm Anomali.
The campaign, which began in early July, uses spoofed email addresses appearing to originate with legitimate customers of the manufacturers, signaling that it was the work of Aggah, researchers noted.
“Spoofed business-to-business (B2B) email addresses against the targeted industry is activity consistent with Aggah,” Tara Gould and Rory Gould from Anomali Threat Research wrote in a report on the campaign published Thursday.
Researchers from Palo Alto Networks’ Unit 42 first discovered Aggah in March 2019 in a campaign targeting entities in the United Arab Emirates that later was identified as a global phishing campaign designed to deliver RevengeRAT, researchers said.
The group, which typically aims to steal data from targets, was first thought to be associated with Gorgon Group: a Pakistani group known for targeting Western governments. This association has not been proven, but researchers tend to agree that the Urdu-speaking group originated in Pakistan, according to Anomali.
Read more: WordPress Sites Abused in Aggah Spear-Phishing Campaign