Aggah Using Compromised Websites to Target Industry Across Asia, Including Taiwan Manufacturing Industry
released on 2021-08-13 @ 06:33:58 AM
A spearphishing campaign was discovered that appears to have begun in early July 2021 and targets the manufacturing industry in Asia. The tactics, techniques, and procedures (TTPs) identified in this campaign align with the threat group Aggah. Analysis found multiple PowerPoint files containing malicious macros that used MSHTA to execute a script, which in turn used PowerShell to load hex-encoded payloads.