12 May 2015

Hackers turning to LINE to launch cyber attacks in Taiwan

Source: Trend Micro.

According to Trend Micro's Targeted Attack Trends 2014 report, targeted attacks, otherwise known as advanced persistent threats (APTs), have intensified over the past year alongside newly identified techniques. The company has found that the mobile messaging application LINE was used as bait to lure targets in a targeted attack which hit the Taiwan government.

Korean messaging app LINE has a global reach of more than 560 million registered users as of October 2014, according to Statista, while according to a January 2015 blog post by Metaps, LINE reaches about 75% of the population in Taiwan.

Intended targets received a spear-phishing email that uses LINE as its subject and has a .ZIP file attachment with the filename add_line.zip. The email message purports to come from the secretary of a political figure and supposedly asked recipients in a Taiwan government office to join a specific LINE group and to provide some information for profiling purposes. Once users open the .ZIP file, an executable file, add_zip.exe, is launched. Trend Micro detects this as BKDR_MOCELPA.ZTCD-A.

Further investigation revealed that this targeted attack is likely related to the Taidoor campaign, which employs malicious .DOC files that show a legitimate document but execute the malware payload in the background. The LINE malware makes use of the same encryption to hide the network traffic.

The news reinforces the need for companies to adapt more than ever to the risks posed by targeted attacks, Trend Micro said. Employees should also be wary of opening any email attachments, even from people they know, or if they are invited to download software.

Need more details?

A Trend Micro blog post describes the exploit here.