WordPress Sites Abused in Aggah Spear-Phishing Campaign
#1
Information 
Quote:Threat actors are using compromised WordPress websites to target manufacturers across Asia with a new spear-phishing campaign that delivers the Warzone RAT, a commodity infostealer available widely for purchase on criminal forums, researchers have found.
 
The threat group Aggah, believed to be affiliated with Pakistan and first identified in March 2019, is delivering the RAT in a campaign aimed at spreading malware to manufacturing companies in Taiwan and South Korea, according to new research from threat detection and response security firm Anomali.
 
The campaign, which began in early July, uses spoofed email addresses appearing to originate with legitimate customers of the manufacturers, signaling that it was the work of Aggah, researchers noted.
 
“Spoofed business-to-business (B2B) email addresses against the targeted industry is activity consistent with Aggah,” Tara Gould and Rory Gould from Anomali Threat Research wrote in a report on the campaign published Thursday.
 
Researchers from Palo Alto Network’s Unit 42 first discovered Aggah in March 2019 in a campaign targeting entities in the United Arab Emirates that later was identified as a global phishing campaign designed to deliver RevengeRAT, researchers said.
 
The group, which typically aims to steal data from targets, was first thought to be associated with Gorgon Group: a Pakistani group known for targeting Western governments. This association has not been proven, but researchers tend to agree that the Urdu-speaking group originated in Pakistan, according to Anomali.

Read more: WordPress Sites Abused in Aggah Spear-Phishing Campaign
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
QOwnNotes 19.1.6
24.12.4 The wel...Kool — 12:56
INTEL Arc Graphics 32.0.101.6325/6253 dr...
Highlights Fix...harlan4096 — 11:06
GFYI [Official] Revo Uninstaller Pro v5...
"Share feedback...damien76 — 09:01
GFYI [Official] SpyShelter PRO v15 Chri...
Merry Christmas and ...damien76 — 08:56
GFYI [Official] IObit Christmas 2024 Bl...
Merry Christmas and ...damien76 — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
harlan4096's profile harlan4096
Administrator

>