RedPacket Security

InfoSec News & Tutorials

News 

Hacking Group Earth Wendigo Exploits Emails via Spear-phishing Attacks

admin , ,
Click the icon to Follow me:- twitterTelegramRedditDiscord

internet 3592056 480

As per the cybersecurity experts, the cyberattacks are related to Earth Wendigo, a cyber criminal currently not linked to any of the hacking groups. At the start of May 2019, Trend Micro reported that multiple organizations were attacked by Earth Wendigo. The targets include research institutions, government organizations and universities. The cyberattack used spear-phishing mails to exploit its victims, which include activists and politicians based in Hong Kong, Tibet and Uyghur region. 

The world's most advanced processor in the desktop PC gaming segment Can deliver ultra-fast 100+ FPS performance in the world's most popular games 6 cores and 12 processing threads bundled with the quiet AMD wraith stealth cooler max temps 95°C 4 2 G...
AMD Ryzen 5 3600 6-Core, 12-Thread Unlocked Desktop Processor with Wraith Stealth Cooler $199.99
The world's most advanced processor in the desktop PC gaming segment Can deliver ultra-fast 100+ FPS performance in the world's most popular games 6 cores and 12 processing threads bundled with the quiet AMD wraith stealth cooler max temps 95°C 4 2 G... read more
(as of January 27, 2021 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
AMD's fastest 6 core processor for mainstream desktop, with 12 processing threads Can deliver elite 100+ FPS performance in the world's most popular games Bundled with the quiet, capable AMD Wraith Stealth cooler 4.6 GHz Max Boost, unlocked for overc...
AMD Ryzen 5 5600X 6-core, 12-Thread Unlocked Desktop Processor with Wraith Stealth Cooler $389.99 $299.00
AMD's fastest 6 core processor for mainstream desktop, with 12 processing threads Can deliver elite 100+ FPS performance in the world's most popular games Bundled with the quiet, capable AMD Wraith Stealth cooler 4.6 GHz Max Boost, unlocked for overc... read more
(as of January 27, 2021 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
AMD's fastest 8 core processor for mainstream desktop, with 16 procesing threads Can deliver elite 100+ FPS performance in the world's most popular games Cooler not included, high-performance cooler recommended 4.7 GHz Max Boost, unlocked for overclo...
AMD Ryzen 7 5800X 8-core, 16-Thread Unlocked Desktop Processor Without Cooler Black, XX-Large $536.00
AMD's fastest 8 core processor for mainstream desktop, with 16 procesing threads Can deliver elite 100+ FPS performance in the world's most popular games Cooler not included, high-performance cooler recommended 4.7 GHz Max Boost, unlocked for overclo... read more
(as of January 27, 2021 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Trend Micro reports, “we discovered a new campaign that has been targeting several organizations — including government organizations, research institutions and universities in Taiwan — since May 2019, aiming to exfiltrate emails from targeted organizations via the injection of JavaScript backdoors to a webmail system that is widely-used in Taiwan. With no clear connection to any previous attack group, we gave this new threat actor the name “Earth Wendigo.” 

Earth Wendigo deployed spear-phishing emails that contained obfuscate Java script code, using initial attack vectors, Java script loaded corrupted scripts from remote servers controlled by attackers. The scripts were built for stealing Webmail session keys and browser cookies, spread the malicious scripts through appending code with the target’s email signature, and exploiting an XSS (cross-site scripting) vulnerability in the Javascript injection Webmail server. “The Earth Wendigo threat actor will establish a WebSocket connection between the victims and their WebSocket server via a JavaScript backdoor. The WebSocket server instructs the backdoor on the victim’s browser to read emails from the webmail server and then send the content and attachments of the emails back to the WebSocket servers,” says Trend Micro. 

The XSS vulnerability exploit exists in system shortcut feature of webmail, which allows the threat actor to put craft payload shortcut that replaces webmail system page’s parts by corrupted JavaScript codes. “Additional investigation shows that the threat actor also sent spear-phishing emails embedded with malicious links to multiple individuals, including politicians and activists, who support movements in Tibet, the Uyghur region, or Hong Kong. However, this is a separate series of attacks from their operation in Taiwan, which this report covers,” reports Trend Micro.

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

You may be interested in...

  • Cyber Bully
  • A Battle of Equals
  • The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats
  • Cyber War
  • Cyber Warfare – Truth, Tactics, and Strategies: Strategic concepts and truths to help you and your organization survive on the battleground of cyber warfare

    • Discord

    Original Source

    You May Also Like

    osint

    Chaos in a cup: When ransomware creeps into your smart coffee maker

    admin
    US Capitol

    Congress unanimously passes federal IoT security law

    admin
    osint

    What’s up with WhatsApp’s privacy policy?

    admin