Analysis of a secret theft attack against multiple institutions in South Korea
released on 2022-06-17 @ 08:34:35 AM
Antiy CERT detected a secret theft attack targeting Korea Scholarship Foundation, heavy industry companies and other institutions. Attackers used phishing emails to deliver malicious payloads with the subject of "Requesting Basic Industry Quotations", in order to induce victims to decompress and execute the LokiBot Trojan in the compressed package, resulting in user information disclosure.