For the past week, the group has been sending emails to victims with the subject line “Wanna see the Game of Thrones in advance?”, hoping to entice targets into opening the email and downloading the attached files.
These files are booby-trapped with an LNK file that executes a PowerShell script, which in turn runs the 9002 remote access trojan, giving intruders full access to the infected machine.
Behind the attacks is a cyber-espionage group tracked under the codenames Deputy Dog, Group 27, or APT17.
Several security firms believe the group operates out of China. APT17 has a long history of hacking going back almost a decade.
The group became infamous when it attempted to hack Google’s infrastructure in a series of attacks known as Operation Aurora. Since then, the group has been busy on several fronts, focusing recent efforts on hacking government systems in several Southeast Asian countries.
Proofpoint, the security company that spotted the recent attacks, did not say who the recent GoT-themed phishing lures targeted, but one of the Proofpoint researchers posted on Twitter that the attackers targeted organizations in the technology sector.
This month, two Game of Thrones episodes leaked online. Employees of one of HBO’s third-party publishers in India published episode 4, while HBO Spain and HBO Scandinavia unexpectedly aired episode 6 in advance, which then hit torrent sites within hours.
In addition, a group of hackers calling themselves Mr. Smith leaked Game of Thrones scripts and several other HBO shows.
All of these events generated a lot of online chatter about Game of Thrones, which made it possible for APT17 to use this particular phishing lure with a high level of effectiveness.