This report details a renewed wave of APT-C-60 cyber-espionage activity targeting Japanese entities, combining spear-phishing campaigns with upgraded malware. The attackers rely on legitimate cloud services, encrypted communication, and evolving malware to evade detection and maintain persistence. #APT-C-60 #SpyGlace
Key points
- The threat actor primarily targets Japanese organizations using spear-phishing emails impersonating job seekers.
- Malicious VHDX files are directly attached to emails, containing scripts that trigger malware execution via legitimate binaries.
- The malware infrastructure includes a refined downloader that communicates with GitHub to fetch instructions and payloads.
- Updated versions of SpyGlace malware feature new commands, persistence paths, and obfuscation techniques to minimize detection.
- The campaign employs encrypted communications, region-specific content, and public GitHub repositories for payload delivery and control.