The zip attachment contains an exe file: the malware itself. This, if opened, activates the infection.
South Korea has been the victim of a significant cyber warfare campaign for espionage purposes in recent weeks, and it could worsen ahead of the Donald Trump-Kim Jong-un meeting
South Korea has been the victim of a significant cyber warfare campaign in recent weeks, according to FireEye. And the situation could worsen ahead of the meeting between US president Donald Trump and North Korean leader Kim Jong-un. The cyber security experts found evidence of Chinese and Russian involvement in the aggression. “These attacks are likely just the tip of the iceberg. Geopolitical tensions are often reflected through cyber attacks and these incidents can help us understand the interests of their sponsors,” FireEye said. Donald Trump will meet the North Korean leader in Singapore next Tuesday to push ahead the closure of Pyongyang’s nuclear weapons program. The summit, the first between the two presidents, could also be the occasion to formally declare an end to the Korean War, which concluded in 1953 with only an armistice agreement.
FireEye: The main cyber aggressors are the China-linked Tonto and the Turla hackers from Russia
In this context, the cyber warfare campaign against South Korea is increasing. The aim of the state-sponsored hackers is to steal intelligence and infiltrate Seoul’s networks. FireEye, in fact, expects that the Asian country will be targeted at “an increased pace” ahead of the summit. The two worst cyber aggressors are the China-linked Tonto and the Turla hackers from Russia. The latter is more sophisticated than the well-known APT 28 (Fancy Bear, Strontium, etc.) and specialises in cyber espionage.
Two articles about the Turla campaigns and TTPs (in Italian)