Spear-Phishing Campaign Hits Developer Collaboration System Users
Users of Zeplin, a popular developer and designer collaboration system, have been hit with new waves of spear-phishing attacks in the last month.
A sophisticated spear-phishing campaign has targeted companies using Zeplin, a collaboration system heavily used in the software development and product design communities. The campaign, launched in early May by South Korean APT group Higaisa, took special aim at newer users of the service, luring users with files purporting to be a project file and updates to copyright policies.
The Prevailion Tailored Intelligence Team, which discovered the campaign, notes in its published report that the malware used indicates that it originated with an experienced, technologically sophisticated organization. Among the factors leading to that conclusion are multiple program storage locations on the victim computer, multiple command-and-control servers, and the ability to communicate over multiple networking protocols.
The researchers advise organizations to renew their commitment to anti-phishing practices with special attention given to Microsoft shortcut links, especially when those links might have occurred in messages from untrusted sources.
For more, read here.
Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really bad day" in cybersecurity. Click for more information and to register.
About the Author(s)
You May Also Like
Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024