Chinese Cyber-Espionage Group Uses Game of Thrones as Phishing Lure


A cyber-espionage unit is using the recent Game of Thrones episode leaks to lure targets into opening malicious documents sent via email.

For the past week, the group has sent emails to victims with the subject of "Wanna see the Game of Thrones in advance?" hoping to entice targets to open the email and download the attached files.

These files are booby-trapped with an embedded LNK file that runs a PowerShell script that installs the 9002 remote access trojan, allowing attackers full access to the infected machine.



APT17 behind the GoT phishing campaign

Behind the attacks is a cyber-espionage group tracked under the codenames of Deputy Dog, Group 27, or APT17.

Several security firms believe the group to be operating out of China. APT17 has a long history of hacking going back for almost a decade.

The group became infamous when it tried to hack Google's infrastructure in a series of attacks known as Operation Aurora [1, 2]. Since then, the group has been busy on several fronts [1, 2, 3], focusing recent efforts on hacking government organizations in several Southeast Asian countries.

Proofpoint, the security company that discovered the recent attacks, did not say whom the recent GoT-themed phishing lures targeted, but one of the Proofpoint researchers shared on Twitter that the attackers targeted companies active in the technology sector.

Pretty clever and opportune lure

This month, two Game of Thrones episodes leaked online. Employees from one of HBO's third-party distributors in India released episode 4, while HBO Spain and HBO Scandinavia accidentally aired episode 6 in advance, which then hit torrent sites within hours.

In addition, a group of hackers calling themselves Mr. Smith leaked Game of Thrones scripts and various other HBO shows.

All of these incidents produced a lot of online chatter about Game of Thrones leaks that made it possible for APT17 to operate this particular phishing lure with a high degree of efficiency.

"The use of a Game of Thrones lure [...] follows a common threat actor technique of developing lures that are timely and relevant, and play on the human factor - the natural curiosity and desire to click that leads to so many malware infections," said Darien Huss and Matthew Mesa, two Proofpoint researchers.


A technical breakdown of the recent phishing campaign and the infection process, step-by-step, is available in Proofpoint's report here.
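A defender-side check for the delivery technique the article describes, a document carrying an embedded LNK file that launches PowerShell. This is an added example, not part of the original post or of Proofpoint's report; it assumes the attachment is either a raw file or a ZIP-based container (the article does not name the document format), and the file names, size cap and sample bytes are constructed for illustration.

```python
import io
import zipfile

# Shell Link header per MS-SHLLINK: HeaderSize 0x4C, then the
# LinkCLSID 00021401-0000-0000-C000-000000000046.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
PS_MARKERS = (b"powershell", "powershell".encode("utf-16-le"))
MAX_MEMBER_BYTES = 20 * 1024 * 1024  # assumed cap: skip members declaring more


def scan_blob(name, data):
    """Return a finding if data embeds a Shell Link header, else None."""
    offset = data.find(LNK_MAGIC)
    if offset < 0:
        return None
    tail = data[offset:].lower()  # bytes.lower() folds ASCII in both encodings
    return {"member": name, "lnk_offset": offset,
            "mentions_powershell": any(m in tail for m in PS_MARKERS)}


def scan_attachment(filename, data):
    """Scan the raw attachment and, for ZIP containers, each member."""
    blobs = [(filename, data)]
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size <= MAX_MEMBER_BYTES:
                    blobs.append((f"{filename}!{info.filename}", zf.read(info)))
    return [hit for name, blob in blobs if (hit := scan_blob(name, blob))]


def build_sample(with_lnk):
    """Constructed, inert sample: a ZIP with one embedded-object member."""
    body = b"\x00" * 64
    if with_lnk:
        body += LNK_MAGIC + b"\x00" * 56
        body += "powershell.exe".encode("utf-16-le")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("word/embeddings/oleObject1.bin", body)
    return buf.getvalue()


if __name__ == "__main__":
    for flag in (True, False):
        print(flag, scan_attachment("lure.docx", build_sample(flag)))
```

A hit means only that a Shell Link header sits inside the attachment; it is a triage signal for mail gateways or sandboxes, not a verdict on the 9002 payload itself.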