NAME:
Earth Wendigo
Alias
Earth Wendigo
Description:
We discovered a new campaign that has been targeting several organizations — including government organizations, research institutions and universities in Taiwan — since May 2019, aiming to exfiltrate emails from targeted organizations via the injection of JavaScript backdoors to a webmail system that is widely-used in Taiwan.
Earth Wendigo uses typical spear-phishing techniques to initiate their attack, the threat actor also uses many atypical techniques to infiltrate the targeted organizations, such as the use of mail signature manipulation and Service Worker infection.