The education, information and telecommunication industries are targeted as well
Researchers have discovered an advanced persistent threat (APT) that targets organizations from various Russian industries, including space research, education, information and telecommunication.
It appears that the attackers are attempting to steal various pieces of sensitive information from their targets by tricking them into installing malware disguised as an innocent-looking Word document.
FireEye believes, for various reasons, that Korea might be behind this operation. For one, the SMTP mail and command-and-control servers used by the malware are located in Korea (it’s not specified which Korea).
Furthermore, the fonts used in the bait document are Batang and KP CheongPong, which are also Korean. Moreover, there are several other clues that point to the masterminds of the operation being native Korean speakers.