Tldr: A recent Mandiant’s blog described a series of targeted attacks over Whatsapp by an APT cluster named UNC4034. We found several additional cases in VirusTotal which we believe with high confidence are related to the same activity set.
According to the original publication, this activity is most likely related to North Korean actor and could be an extension of Operation “Dream Job”, leveraging targeted distribution of malicious ISO files. Based on Mandiant’s research, in the first stage the attacker sends a job offer at Amazon to the victim by email, followed by a WhatsApp web message where the attacker shares a malicious ISO file, pretending to be part of the selection process.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from VirusTotal Blog
Read the original article: