The group also uses a watering hole attack that aims to dupe users with a fake China political news portal. The links on the website lead to additional content in the form of PowerPoint slides infected with a malicious payload.
Kaspersky said that even though Microsoft has patched the vulnerabilities, attackers can still use a social engineering trick to compromise the targets if the targets ignore multiple security warnings and agree to enable "dangerous" features of the document.
After successful exploitation of the vulnerability, a range of malicious tools is installed on the user's device. These tools then collect data such as Word documents, PDF files, PowerPoint presentations, Excel spreadsheets, and login credentials saved in the browser, and send it to the attackers.
Preventing the worst
To avoid being a victim of cyberespionage groups, Kaspersky advised consumers and organisations to not open attachments from unknown emails/senders.
It is also important to update the software on the PC regularly and use a security solution capable of fighting the most sophisticated cyber threats. Organisations must also leverage anti-targeted-attack solutions that can spot anomalies in the corporate network before the malware is installed.
Lastly, Kaspersky said consumers and organisations must track the evolution of targeted attack groups to stay aware of the new techniques the attackers are using and how to avoid falling prey to these activities.