The “Gangnam Industrial Style” attack is a well-planned campaign against high-profile enterprise networks, most of them located in South Korea.
Reports indicate that an experienced hacking group is behind the intrusion attempts, which target industrial, engineering and manufacturing companies as well as critical infrastructure.
Enterprise Companies Targeted By Dangerous “Gangnam Industrial Style” Attack
An unknown hacking group has been found to carry out large-scale and dangerous attacks against enterprise companies and service providers, ranging from industrial and manufacturing facilities to critical infrastructure providers. Given the fact that most of the attacks are against South Korean companies, we assume that the criminals are from there or that the attacks are state-sponsored.
Most of the infections are caused by phishing email messages sent to the inboxes of company employees. The messages are designed to impersonate commonly accessed documents and important files such as the following:
- White Papers
- Power Plant Diagrams
- Quote Requests
- Forwarded Messages
- Service Notifications
The email messages are designed to look like genuine ones by copying the original content and text layout. The attachments are usually PDF documents containing malicious scripts; when a victim opens one in a PDF viewer, the infection starts.
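The infection chain above relies on a PDF attachment that runs a script as soon as the viewer opens it. A mail gateway or analyst can triage such attachments without rendering them, because auto-execution in PDF is expressed through a handful of well-known name objects (/OpenAction, /AA, /JavaScript, /JS, /Launch, /EmbeddedFile). The scanner below is an added example, not code from the original article or from the researchers who reported the campaign; it is a simplified, pdfid-style heuristic that inflates FlateDecode streams, undoes `#xx` hex escapes in names (a common trick to hide `/JavaScript`), and counts the suspicious keys. The two sample PDFs are constructed inline so the script runs offline; their contents (including the `app.alert(1)` and `payload.exe` strings) are placeholders and not indicators from the campaign.

```python
"""Heuristic scanner for auto-executing content in PDF attachments (added example)."""
import re
import sys
import zlib
from typing import Dict

# PDF name objects that give a document the ability to run code when opened.
SUSPICIOUS_KEYS = {
    b"/OpenAction": "action executed when the document is opened",
    b"/AA": "additional actions (page open/close, form events)",
    b"/JavaScript": "JavaScript action",
    b"/JS": "inline JavaScript code",
    b"/Launch": "launch of an external application",
    b"/EmbeddedFile": "embedded file (possible dropper payload)",
}
# Keys that on their own justify holding the attachment for analysis.
AUTO_EXEC_KEYS = ("/OpenAction", "/AA", "/JavaScript", "/JS", "/Launch")

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A flat stream dictionary (no nested << >>) followed by its stream body.
_STREAM = re.compile(rb"<<([^<>]*)>>\s*stream\r?\n(.*?)\r?\nendstream", re.S)


def _unescape_names(data: bytes) -> bytes:
    """Turn /J#61vaScript back into /JavaScript so obfuscated names are counted."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def _decode_streams(data: bytes) -> bytes:
    """Concatenate every FlateDecode stream body that inflates cleanly."""
    decoded = []
    for match in _STREAM.finditer(data):
        dictionary, body = match.group(1), match.group(2)
        if b"/FlateDecode" in dictionary:
            try:
                decoded.append(zlib.decompress(body))
            except zlib.error:
                # Truncated or deliberately corrupted stream: keep scanning the rest.
                continue
    return b"\n".join(decoded)


def scan_pdf_bytes(data: bytes) -> Dict[str, int]:
    """Return {key: occurrences} for every suspicious name found in the raw file
    or inside its inflated streams. An empty dict means nothing was found."""
    text = _unescape_names(data + b"\n" + _decode_streams(data))
    findings: Dict[str, int] = {}
    for key in SUSPICIOUS_KEYS:
        # Negative lookahead stops /JS from matching a longer name such as /JSX.
        count = len(re.findall(re.escape(key) + rb"(?![A-Za-z0-9_])", text))
        if count:
            findings[key.decode()] = count
    return findings


def is_suspicious(findings: Dict[str, int]) -> bool:
    """True when the document can execute something without user interaction."""
    return any(key in findings for key in AUTO_EXEC_KEYS)


def scan_pdf_file(path: str) -> Dict[str, int]:
    with open(path, "rb") as fh:
        return scan_pdf_bytes(fh.read())


def _build_sample(catalog_extra: bytes, stream_text: bytes) -> bytes:
    """Constructed minimal PDF used only to exercise the scanner offline."""
    compressed = zlib.compress(stream_text)
    return (
        b"%PDF-1.7\n"
        b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R " + catalog_extra + b" >>\nendobj\n"
        b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
        b"3 0 obj\n<< /Length " + str(len(compressed)).encode() + b" /Filter /FlateDecode >>\n"
        b"stream\n" + compressed + b"\nendstream\nendobj\n"
        b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
    )


# Constructed samples: a plain document, and one with an obfuscated /JS key in an
# open action plus a /Launch action hidden inside a compressed stream.
BENIGN_PDF = _build_sample(b"", b"BT /F1 12 Tf (Quarterly report) Tj ET")
MALICIOUS_PDF = _build_sample(
    b"/OpenAction << /S /JavaScript /J#53 (app.alert(1)) >>",
    b"<< /S /Launch /F (payload.exe) >>",
)

if __name__ == "__main__":
    targets = sys.argv[1:]
    samples = {"benign-sample": BENIGN_PDF, "malicious-sample": MALICIOUS_PDF}
    for name, data in samples.items():
        findings = scan_pdf_bytes(data)
        print(f"{name}: suspicious={is_suspicious(findings)} {findings}")
    for path in targets:
        findings = scan_pdf_file(path)
        print(f"{path}: suspicious={is_suspicious(findings)} {findings}")
```

Run it with no arguments to see the two constructed samples classified, or pass attachment paths to scan real files. Treat the result as a triage signal rather than a verdict: interactive forms legitimately use /AA and /JavaScript, and the scanner only inflates FlateDecode streams, so objects hidden behind other filters or in object streams still need a full parser or a sandbox detonation.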
The malicious component used in the ongoing “Gangnam Industrial Style” attack is a modified Trojan designed to carry out extensive malware actions against the compromised hosts. The original code of the Trojan dates back to 2013, and the attackers have built a custom version of it, which means they must have had access to the original source code. Like any advanced malware of this type it can cause extensive damage. Typical actions include the following:
- Data Theft: The main engine can access the file system and memory contents and search for sensitive data, which is then hijacked and sent to the hackers.
- Sabotage: The malware can modify the configuration files on the target hosts, leading to device sabotage and malfunction.
- Malware Delivery: The “Gangnam Industrial Style” attack is suited to infecting the systems with all kinds of dangerous malware, including ransomware and Trojans.
The hacked machines have been found to transmit the harvested information back to a hacker-controlled server via a built-in client. Meanwhile, the wave of intrusion attempts originating from this campaign is still ongoing.