Campo, a New Attack Campaign Targeting Japan

Since around March 2021, campaigns in Japan using an infrastructure called campo/openfield have been observed. This campaign has the potential to deliver subsequent malware depending on the infected organization, and some cases could eventually result in ransomware incidents overseas. We have been tracking this attack campaign and, as far as we are aware, it has been observed since at least around October 2020. We anticipate that the attackers will remain active, and we are concerned that this could lead to serious impacts, including ransomware encryption in the worst case. Therefore, to help prepare for such threats, this blog shares the characteristics of the campaigns targeting Japan and how to check for malware execution traces, based on our research.

Update history

Date        Details
2021/5/11   Published this blog

Observation cases of this campaign in Japan

Reports of suspicious emails in Japan have been shared on social networking sites. The reports are shown below in chronological order.

2020/10/14
2021/3/10
2021/3/24
2021/3/31
2021/4/6
2021/4/7
2021/4/8
2021/4/9

Big picture of attack campaign

The big picture of the attack campaign is shown in Figure 1. The attack begins with incoming Japanese […]