March 08, 2025 • By KWD
Listen to this article
Intezer researchers have identified a phishing campaign directed at energy companies in South Korea, the United States, the United Arab Emirates, and Germany. The majority of targets are in South Korea.
“The attackers launch the attack via typosquatted and spoofed emails,” the researchers write. “The campaign spreads via phishing emails targeted at specific employees at the targeted companies. The emails are designed to appear to be sent by another company in the relevant industry, offering a business partnership or opportunity.
Each email includes a file attachment, which is typically an IMG, ISO, or CAB file. These file formats are frequently used by attackers to avoid detection by anti-virus scanners that are based on email. When the victim opens the attachment and clicks on one of the files contained within, an information stealer is launched.”
According to Intezer, the attachments are disguised as PDF files in order to trick the victim into opening them.
The researchers write that the emails are formatted to appear to be legitimate correspondence between two businesses. “The attacker's extra effort is likely to boost the emails' credibility and entice victims to open the malicious attachments. The emails employ social engineering techniques such as referencing executives and utilizing legitimate companies' physical addresses, logos, and email addresses. Additionally, they include requests for quotations (RFQ), contracts, and referrals/tenders for actual projects related to the targeted company's business.”
Additionally, the researchers note that the attackers are familiar with corporate conversations, which lends credibility to their actions.
“The emails' content demonstrates that the threat actor is well-versed in business-to-business (B2B) communication,” Intezer says. “The recipients of these emails range from generic email addresses like 'info@target company[.]com' or'sales@target company[.]com' to specific individuals within businesses. This implies that some companies gathered more intelligence during reconnaissance than others.”
Your employees will learn how to defend against targeted social engineering attacks through new-school security awareness training which we have designed.
If you are interested in knowing more about our training, please contact us for more details.
