APT37 Launches Targeted Cyberattack Using Social Media and Tampered Software

Severity: High (Score: 75.5)

Sources: Gbhackers, Cybersecuritynews

Summary

APT37, a North Korean state-sponsored threat group, has initiated a new targeted intrusion campaign aimed at defense-related entities. The attack utilizes social media platforms like Facebook and encrypted messaging apps such as Telegram, alongside a tampered installer of Wondershare PDFelement, to gain unauthorized access to sensitive data. This operation showcases APT37's advanced social engineering tactics, making it difficult for victims to identify the threat. The campaign is characterized by its stealthy approach and its effective mimicry of legitimate digital interactions. Current reports indicate that the campaign is ongoing, with a focus on exfiltrating sensitive information. Organizations in the defense sector are particularly at risk, necessitating enhanced security measures. Behavior-based endpoint detection and response (EDR) solutions are recommended to detect process injection and other malicious activities.

Key Points:

  • APT37 targets defense-related entities using social media and tampered software installers.
  • The attack employs advanced social engineering techniques to evade detection.
  • Organizations are advised to implement behavior-based EDR to counteract the threat.

Key Entities

  • APT37 (apt_group)
  • Data Breach (attack_type)
  • Malware (attack_type)
  • T1055 - Process Injection (mitre_attack)
  • T1567 - Exfiltration Over Web Service (mitre_attack)
  • Facebook (platform)
  • Telegram (platform)
  • Wondershare PDFelement (platform)