Given the geo-political environment, Taiwan is no stranger to thinking about Advanced Persistent Threats (APTs). The use of SmokeLoader does seem to follow suit with the general trend of pre-positioning that we have seen in other parts of the world.
This particular campaign uses exploits in native Office from 2017 (as opposed to Office 365) and is a reminder that even though tools may be end-of-life'd by the software manufacturer, they may still remain in use and be exploited by attackers. Not everywhere in the world is it possible to have a three-year technology refresh cycle.
The SmokeLoader campaign targeting Taiwanese industries reflects a strategic focus on sectors critical to national infrastructure and economic stability. The use of modular malware like SmokeLoader, coupled with phishing vectors and exploitation of legacy Office vulnerabilities, highlights the sophistication of these attacks.