Desktop, Mobile Phishing Campaign Targets South Korean Websites, Steals Credentials Via Watering Hole (Mar 28, 2019)
Researchers from Trend Micro discovered a phishing campaign that targets South Korean websites and uses the compromised sites as watering holes. The campaign, dubbed "Soula," harvests credentials through a spoofed login screen of a popular South Korean search engine and sends the captured information to the threat actor's Command and Control (C2) server. At the time of the article's writing, the threat actors appear to be only storing the data for information gathering and research, likely in preparation for a further campaign that uses the obtained credentials.
Recommendation: Security and system/IT administrators must practice due diligence in protecting their websites and web-based applications from threats that can undermine their security and hijack them to do the attackers' bidding, such as delivering malware to their visitors. Malicious web injections, for instance, leverage exploits that enable attackers to gain footholds into the system. An organisation's best defence is to regularly apply the latest patches and to routinely scan and examine the traffic that goes through the enterprise's network, which enables prompt incident response and remediation.