A sophisticated spear-phishing campaign has targeted companies using Zeplin, a collaboration system heavily used in the software development and product design communities. The campaign, launched in early May by South Korean APT group Higaisa, took special aim at newer users of the service, luring users with files purporting to be a project file and updates to copyright policies.
The Prevailion Tailored Intelligence Team, which discovered the campaign, notes in its published report that the malware used indicates that it originated with an experienced, technologically sophisticated organization. Among the factors leading to that conclusion are multiple program storage locations on the victim computer, multiple command-and-control servers, and the ability to communicate over multiple networking protocols.
Source: Dark Reading
