"New SuperBear Trojan Emerges in Targeted Phishing Attack on South Korean Activists"

SuperBear, a novel Remote Access Trojan (RAT), was discovered due to a new phishing attack targeting civil society groups in South Korea. According to Interlabs, the attack targeted an unnamed activist who was contacted in late August 2023 and received a malicious LNK file from an address impersonating a member of the organization. When the LNK file is executed, a PowerShell command is launched to execute a Visual Basic script, which then fetches the next-stage payloads from a legitimate but compromised WordPress website. The attack has been loosely attributed to the North Korean nation-state actor named Kimsuky, also known as APT43, Emerald Sleet, Nickel Kimball, and Velvet Chollima, based on similarities with the initial attack vector and the PowerShell commands used. This article continues to discuss the SuperBear RAT. 

THN reports "New SuperBear Trojan Emerges in Targeted Phishing Attack on South Korean Activists"