Security Articles

Attacks by APT-C-60 Group Exploiting Legitimate Services

Released on 2024-11-27 @ 06:36:35 PM

The APT-C-60 group targeted organizations in Japan and East Asia with a sophisticated attack campaign. The attack begins with a phishing email containing a Google Drive link to download a VHDX file. This file includes an LNK file that executes a downloader, which then retrieves a backdoor called SpyGrace. The attackers use legitimate services like Bitbucket and StatCounter for command and control. The malware achieves persistence through COM hijacking and employs various techniques to evade detection. The campaign likely targeted multiple East Asian countries, using similar tactics across different attacks.