A pattern emerges from the document exploits recently used by HORSMY, ESILE, FARFLI, and other targeted campaigns. Likely sourced from cybercriminal underground markets, this template exploit can be modified depending on what attackers need from their targets.
A new campaign inched closer to Japanese government and private entities with backdoor malware attacks on the commonly used word processing software Ichitaro. The ANTIFULAI campaign enters networks via clever email subjects, such as a job application inquiry.
Recent targeted attacks that send bogus emails from a Chinese newspaper were found targeting systems with Windows PowerShell installed. The PowerShell command line is typically found on Windows 7 and later and is used to automate Windows applications.