Update on Attacks by Threat Group APT-C-60
Essential information
- Published: 05/11/2025 08:16
- Modified: 05/11/2025 09:26
- Tags: 2025-11-05, com hijacking, downloader1, downloader2, east asia, github, rc4, recruitment, spear-phishing, spyglace, vhdx
- Related entities: 31 observables, 1 intrusion sets (apt), 11 techniques (mitre), 3 malware, 1 others
Description
APT-C-60 continues to target Japan and East Asia with spear-phishing attacks that impersonate job seekers. The attack flow has evolved: malicious VHDX files are now attached directly to the emails. The malware, including Downloader1, Downloader2, and SpyGlace, has been updated with new features and communication methods. SpyGlace versions 3.1.12, 3.1.13, and 3.1.14 were observed, with changes in mutex values and execution paths. The attackers use GitHub for payload distribution and employ sophisticated encoding and encryption techniques. The campaign abuses legitimate services and maintains consistent behavioral patterns despite infrastructure changes.