The North Korean Lazarus Hacking Group, suspected to be behind the WannaCry ransomware attack last year, has returned with a new crime spree, this time targeting financial institutions and bitcoin users with phishing emails, posing as job recruiters.
The campaign was discovered by the McAfee Advanced Threat Research (ATR) analysts and dubbed as “HaoBao”. It was designated by McAfee as an “aggressive Bitcoin-stealing phishing campaign” that uses “sophisticated malware with long-term impact.”
While the form of attack seems nothing new, the two-stage attack malware has surprised researchers.
“This campaign deploys a one-time data gathering implant that relies upon downloading a second stage to gain persistence,” said McAfee analyst Ryan Sherstobitoff. “The implants contain a hardcoded word ‘haobao’ that is used as a switch when executing from the Visual Basic macro.”
It works by sending malicious documents as attachments to unsuspecting targets, who open the malicious document and unknowingly allow the malware to scan for Bitcoin activity, after which it establishes an implant for long-term data gathering on being successful.
According to the firm, McAfee ATR first discovered of the malware on January 15th, when they spotted a malicious document passed off as a job recruitment for a Business Development Executive at a multi-national bank based in Hong Kong. More detail in a blog by McAfee.
Do your users know what to do when they receive a suspicious email?
Should they call the help desk, or forward it? Should they forward to IT including all headers? Delete and not report it, forfeiting a possible early warning?
KnowBe4’s Phish Alert button now also works for Gmail users with G Suite using Chrome. This gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user's inbox to prevent future exposure. All with just one click!
Best of all, there is no charge!
- Reinforces your organization's security culture
- Incident Response gets early phishing alerts from users, creating a network of “sensors”
- Email is deleted from the user's inbox to prevent future exposure
- Easy deployment via MSI file for Outlook, G Suite deployment for Gmail (Chrome)
- Supports: Outlook 2007, 2010, 2013, 2016 & Outlook for Office 365, Exchange 2013 & 2016, Chrome 54 and later (Linux, OS X and Windows)
This is a great way to better manage the problem of social engineering. Compliments of KnowBe4!
If you do not like to click on buttons with redirects, here is a link you can cut and paste into your browser: https://info.knowbe4.
