
APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign

The threat group APT-C-60 has been caught red-handed hacking a company in Japan by pretending to be a job seeker. This sneaky move went down around August 2024, and it used some really clever tactics. JPCERT/CC, which is like the cool, techy detective agency, figured out that the group sent an email that looked like it came from someone who wanted a job. But oh no, it had a nasty surprise!

When the person at the company clicked on the link, it led to a file that hid some super shady malware called SpyGlace. The attackers are like ninjas because they used perfectly normal, legitimate services like Google Drive, Bitbucket, and StatCounter to make it happen.

So, the email had a link to a file that looked all innocent, hosted on Google Drive. When the person downloaded and opened it, a fake job application document popped up, but behind the scenes the computer was getting infected with some serious bad news. The "SecureBootUEFI.dat" file was like the hacker's secret weapon, giving them the info they needed to take over the computer.

They also used a thing called "Service.dat" to get more files from Bitbucket, which is like a website where people usually share code for work stuff. These files, "cn.dat" and "sp.dat," helped them keep the backdoor open on the computer so they could control it from far away and do whatever they wanted, like steal important stuff or make the computer do their dirty work.

Other techy companies, Chuangyu 404 Lab and Positive Technologies, have also spotted these bad guys doing the same thing. They said that these Asia-based hacker groups are pretty crafty, always finding new ways to get around the computer's defenses, like using virtual hard disk (VHD/VHDX) files to sneak past the bouncers. It's like they're always one step ahead, using the internet's own tools against it. It's pretty wild how they can hide in plain sight like that.