Phishing Email Attacks by the Larva-24005 Group Targeting Japan
Contents
Phishing Email Attacks by the Larva-24005 Group Targeting Japan
AhnLab SEcurity intelligence Center (ASEC) has identified the behavior of Larva-24005 breaching servers in Korea and then establishing a web server, database, and PHP environment for sending phishing emails.
Larva-24005 is using the attack base to target not only South Korea but also Japan. The main targets are those who are involved in North Korea and university professors who are researching the North Korean regime. They have set up a C2 server for their phishing email attacks and are disguising the email body as a ZOOM meeting link or a web portal login page to prompt users to click on them.
This blog post describes the process of Larva-24005 threat actor securing their attack infrastructure and a phishing email attack case that targeted Japan.
1. Larva-24005
Larva-24005 is a sub-group of the Kimsuky threat group known to receive support from North Korea. The name was newly …
AhnLab SEcurity intelligence Center (ASEC) has identified the behavior of Larva-24005 breaching servers in Korea and then establishing a web server, database, and PHP environment for sending phishing emails.
Larva-24005 is using the attack base to target not only South Korea but also Japan. The main targets are those who are involved in North Korea and university professors who are researching the North Korean regime. They have set up a C2 server for their phishing email attacks and are disguising the email body as a ZOOM meeting link or a web portal login page to prompt users to click on them.
This blog post describes the process of Larva-24005 threat actor securing their attack infrastructure and a phishing email attack case that targeted Japan.
1. Larva-24005
Larva-24005 is a sub-group of the Kimsuky threat group known to receive support from North Korea. The name was newly …