Campo, a New Attack Campaign Targeting Japan
Since around March 2021, campaigns in Japan using an infrastructure called campo/openfield have been observed. This campaign has the potential to deliver subsequent malware depending on the infected organization, and some cases eventually could result in ransomware incidents overseas. We keep tracking this attack campaign, and it started to be observed at least around October 2020 as far as we are aware. We anticipate that attackers will continue to be active in the future, and we are concerned that this could lead to serious impacts including ransomware encryption in the worst case. Therefore, in order to prepare for such threats, we will share in this blog the characteristics of campaigns for Japan and how to check for malware execution traces based on our research. Update history Date Details 2021/5/11 Published this blog Observation cases of this campaign in Japan Reports of suspicious emails in Japan have been shared on social networking sites. The reports are shown below in chronological order. 2020/10/14 https://twitter.com/bomccss/status/1316163808319041536 2021/3/10 https://twitter.com/bomccss/status/1369612781209591813 2021/3/24 https://twitter.com/bomccss/status/1374526482890944515 2021/3/31 https://twitter.com/bomccss/status/1377280535710494729 2021/4/6 https://twitter.com/bomccss/status/1379240664362143744 2021/4/7 https://twitter.com/bomccss/status/1379602541495738371 2021/4/8 https://twitter.com/bomccss/status/1379970130642235392 2021/4/9 https://twitter.com/bomccss/status/1380327966765314050 Big picture of attack campaign The big picture of the attack campaign is as shown in Figure1. The attack begins with incoming Japanese […]