Earth Wendigo Injects JavaScript Backdoor to Service Worker for Mailbox Exfiltration
released on 2021-01-05 @ 04:17:15 PM
TrendMicro discovered a new campaign that has been targeting several organizations — including government organizations, research institutions and universities in Taiwan — since May 2019, aiming to exfiltrate emails from targeted organizations via the injection of JavaScript backdoors to a webmail system that is widely-used in Taiwan. With no clear connection to any previous attack group, they gave this new threat actor the name “Earth Wendigo.”