Cybersecurity researchers have reported a phishing campaign targeting users in Taiwan that employs malware strains like HoldingHands RAT and Gh0stCringe. This campaign, attributed to the Silver Fox APT, reportedly began earlier in January with phishing emails mimicking the National Taxation Bureau. The emails use tax-related lures to get recipients to open attached PDF documents or ZIP files, which contain malicious content. Attack sequences include the deployment of legitimate executables and sophisticated techniques for malware installation and command-and-control operations. Additional malware samples have been identified through ongoing monitoring by Fortinet's FortiGuard Labs.
Cybersecurity researchers are warning of a new phishing campaign targeting Taiwan with malware like HoldingHands RAT and Gh0stCringe, exploiting government impersonation.
The threat actor, Silver Fox APT, uses phishing emails with tax-related lures to deliver malware, including a multi-stage infection sequence involving DLL side-loading.
Both HoldingHands RAT and Gh0stCringe are related to a widely used remote access trojan, and the campaign pairs them with a sophisticated phishing strategy that leverages PDF documents and executables.
The campaign's delivery relies on legitimate executables and uses encryption and privilege escalation tactics to solidify control over compromised systems.