Phishing Email Impersonating Quasi-governmental Organization Being Distributed Posted By jcleebobgatenet , December 8, 2022 The ASEC analysis team has recently detected the distribution of a phishing email impersonating a non-profit quasi-governmental organization. Since the email is using a webpage disguised as a login page of GobizKOREA serviced by Korea SMEs and Startups Agency (KOSME), users who are working in the trading industry should take extra caution. The figure below shows the email’s subject and body. It tells the reader that a new inquiry from a buyer was registered. Since all five hyperlinks in the…
Continuously Changing Malicious Word Macro Being Distributed – Trend of TA551 (2) Posted By jcleebobgatenet , September 29, 2021 The ASEC analysis team is back to continuously introduce DOC macro documents used by the TA551 group in attacks. The operation flow of macro documents hasn’t changed since its introduction in July. However, we have confirmed that in the most recent case, BazarLoader was distributed at the last step after the macro was run. First, to quote BazarLoader analysis report published in May by AhnLab: Excerpt from ATIP – BazarLoader Analysis Report ‘Abstract’ BazarLoader is a malware that downloads and…