Gorgon APT (Advanced Persistent Threat) is an older but still dangerous threat group, first identified in February 2018.
Although Gorgon APT activity has flared on and off since February 2018, the group is now back in force with a new spear-phishing campaign. So far the targets are in Europe, but everyone else should be on guard as well. The attack begins with an email whose subject line and body reference an invoice number and describe the attached Excel document. Once the attachment is opened, the malicious file delivers the payload: the XLS file contains VBA macro code that executes as soon as the document is opened and macros are enabled, so an "Enable Content" prompt on an unexpected invoice should be treated as a red flag.
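The delivery described above is a macro-bearing Excel attachment on an invoice-themed email. The following added example (it is not code from the original article, nor any tool the article mentions) shows a mail-gateway style triage that parses a message, pulls out every attachment and classifies it by its macro-carrying potential: OOXML containers are opened as zip files and checked for a `vbaProject.bin` part, legacy OLE2 files (the classic .xls) are flagged because their macros live in an internal storage this simple scan cannot see, and everything else passes through. The sample message, the sender, the invoice number and the minimal workbook bytes are all constructed here for illustration.

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Magic number of the OLE2 compound file format used by legacy .xls/.doc.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Zip entries in which OOXML (.xlsm/.docm/.pptm) stores a VBA project.
VBA_PARTS = ("xl/vbaProject.bin", "word/vbaProject.bin", "ppt/vbaProject.bin")


def classify_attachment(data: bytes) -> str:
    """Classify raw attachment bytes by their macro-carrying potential.

    Returns one of:
      'vba-macro'       OOXML container with an embedded VBA project
      'ole-binary'      legacy OLE2 file (.xls/.doc); macros, if any, sit in
                        an internal storage this scan does not parse, so it
                        is treated as suspicious until inspected properly
      'ooxml-no-macro'  OOXML container without a VBA project
      'other'           anything else
    """
    if data.startswith(OLE_MAGIC):
        return "ole-binary"
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
        except zipfile.BadZipFile:
            return "other"
        if any(part in names for part in VBA_PARTS):
            return "vba-macro"
        if "[Content_Types].xml" in names:
            return "ooxml-no-macro"
    return "other"


def triage_message(raw: bytes) -> list[dict]:
    """Parse an RFC 5322 message and classify every attachment."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_content()
        if isinstance(data, str):          # text/* parts decode to str
            data = data.encode("utf-8")
        kind = classify_attachment(data)
        findings.append({
            "filename": part.get_filename(),
            "kind": kind,
            "quarantine": kind in ("vba-macro", "ole-binary"),
        })
    return findings


def build_ooxml(with_vba: bool) -> bytes:
    """Constructed minimal OOXML workbook; not a real malware sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_vba:
            zf.writestr("xl/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


def build_sample_email() -> bytes:
    """Constructed invoice-themed message with three attachments."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"      # constructed sender
    msg["To"] = "finance@example.org"         # constructed recipient
    msg["Subject"] = "Invoice 4471 attached"  # constructed invoice number
    msg.set_content("Please find the attached invoice.")
    msg.add_attachment(build_ooxml(with_vba=True), maintype="application",
                       subtype="vnd.ms-excel.sheet.macroEnabled.12",
                       filename="Invoice_4471.xlsm")
    # Stub OLE2 header only; stands in for a legacy .xls attachment.
    msg.add_attachment(OLE_MAGIC + b"\x00" * 64, maintype="application",
                       subtype="vnd.ms-excel", filename="Invoice_4471.xls")
    msg.add_attachment(b"%PDF-1.4\n%stub\n", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage_message(build_sample_email()):
        print(finding)
```

The classifier deliberately errs on the side of quarantine: a legacy OLE2 workbook is held even though this code does not parse its VBA storage, because proving the absence of macros in that format needs a proper OLE parser, and an invoice that arrives as a macro-capable file from an unknown sender is exactly the pattern this campaign relies on.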
Staying Safe from Gorgon APT and Other Spear-Phishing Campaigns
- Don't trust emails from people you don't know personally
As far as possible, avoid opening any attachment that arrives from an unknown sender.
- Have an email security solution firmly in place
Run your incoming mail through a solution that detects and blocks Business Email Compromise (BEC) attacks, so that online fraudsters cannot fool you. BEC attacks are a growing concern, especially in the corporate sector.
- Don't enter your credentials anywhere without extra checks
If you land on a website or portal that looks trustworthy but asks you to enter your credentials again, don't do it. However convincing it looks, it could be a spear-phishing page set up to harvest users' credentials.
Check and double-check the validity of the website address. If you have any doubt, don't enter your credentials. If re-authentication is genuinely required, the mail portal or app you normally use will prompt you for it anyway.
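"Check the validity of the website address" is easier said than done, because phishing links are built to pass a quick glance. The following added example (not code from the original article) shows what a careful check actually looks at: the scheme, userinfo placed before an `@` to disguise the real host, a trusted name used only as a prefix of the attacker's host, and punycode or non-ASCII labels that imitate a legitimate domain. The trusted domain `example.com` is an assumption standing in for whatever portal you actually use.

```python
from urllib.parse import urlsplit

# Registrable domains of the portals you actually use (assumption; replace).
TRUSTED_DOMAINS = {"example.com"}


def check_login_url(url: str, trusted=TRUSTED_DOMAINS) -> tuple[bool, str]:
    """Decide whether a URL is an acceptable place to type credentials.

    Returns (ok, reason). The checks cover the common disguises seen in
    credential-phishing links: plain http, userinfo before '@', a trusted
    name used as a prefix of an attacker's host, punycode labels and
    non-ASCII homoglyphs in the host name.
    """
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        return False, "scheme is not https"
    if parts.username is not None or parts.password is not None:
        # https://example.com@evil.net/ really connects to evil.net
        return False, "userinfo before '@' hides the real host"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no host in URL"
    if not host.isascii():
        return False, "non-ASCII characters in host (possible homoglyph)"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode label in host (possible homoglyph)"
    # Only an exact match or a true subdomain of a trusted domain passes;
    # login.example.com.evil.net ends with ".evil.net", not ".example.com".
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return True, f"host {host} is under trusted domain {domain}"
    return False, f"host {host} is not under any trusted domain"


if __name__ == "__main__":
    for candidate in (
        "https://mail.example.com/login",
        "https://login.example.com.evil.net/",
        "https://example.com@evil.net/login",
        "http://example.com/login",
        "https://xn--exmple-cua.com/",
    ):
        print(candidate, check_login_url(candidate))
```

The function is intentionally strict: anything it cannot positively tie to a domain you already trust is rejected, which matches the advice above to fall back on the mail portal or app you normally use rather than on a link in a message.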
Within the Gorgon APT infrastructure, researchers identified samples from several crimeware families, including Trojans, RATs such as NjRat, and information stealers such as LokiBot, all hosted on the group's command-and-control (C2) domain. Following the precautions above reduces the chance of becoming a Gorgon APT victim, but email users still need to stay alert whenever they handle attachments.