Rewterz Threat Alert – “Hack-for-hire” DeathStalker Using New PowerPepper Implant
December 7, 2020Rewterz Threat Alert – AgentTesla Information Stealer – IoCs
December 7, 2020Rewterz Threat Alert – “Hack-for-hire” DeathStalker Using New PowerPepper Implant
December 7, 2020Rewterz Threat Alert – AgentTesla Information Stealer – IoCs
December 7, 2020Severity
High
Analysis Summary
Threat actors are actively targeting organizations associated with the COVID-19 vaccine cold chain. The experts uncovered a large scale spear-phishing campaign that has been ongoing since September 2020. Threat actors are impersonating a biomedical company, Haier Biomedical, and are sending out spear-phishing messages to executives and global organizations involved in vaccine storage and transport. Haier Biomedical is a legitimate member company of the COVID-19 vaccine supply chain, it is also a qualified supplier for the CCEOP program.
Spear-phishing emails were sent to select executives in sales, procurement, information technology and finance positions, likely involved in company efforts to support a vaccine cold chain.
The phishing campaign hit global organizations with headquarters in Germany, Italy, South Korea, Czech Republic, greater Europe, and Taiwan. The attackers aim at harvesting account credentials to use in further attacks against the same organizations.
Impact
- Credential theft
- Exposure of sensitive data
Indicators of Compromise
Filename
- RFQ- UNICEF CCEOP and Vaccine Project
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/ attachments sent by unknown senders.