[Security Attack Warning] Social Engineering Attack Notice: Please strengthen your defenses against social engineering email attacks ostensibly based on administrative litigation.

 
2025/12/12 ~ 2026/6/12

Forwarded from the National Institute of Cyber Security (NICS): Cybersecurity Alert NISAC-400-202512-00000018

[Content Description]
The National Institute of Cyber Security (NICS) recently received external intelligence indicating that attackers are distributing social engineering emails under the guise of administrative litigation to lure recipients into opening, downloading, and executing malicious attachments.

We recommend that your organization strengthen its defenses and remind all units to stay vigilant and avoid opening email attachments or clicking links, to prevent compromise. Known characteristics of the attack emails are as follows; refer to the attachment for the related indicators of compromise (IoCs).

1. Hacker's message: [Organization Name]

2. Related malicious relay sites: giugh9ygiuhljbgh-1328314126[.]cos[.]ap-tokyo[.]myqcloud[.]com, 202[.]79[.]168[.]155

3. Malicious attachment SHA1 hash values: 770e64e02d2cf2cac30d6074c201d44279996cbc, e69b347f9608abaf31cab02f0a34b3dfa1d7c872

Note: The related domain names use "[.]" in place of "." to avoid accidentally triggering a connection.

[Recommended Measures]
1. Network administrators should refer to the indicators of compromise and make sure their firewalls are updated to block the malicious relay sites.

2. It is recommended to be vigilant about suspicious emails, verify the authenticity of the email source, and not open emails or attachments from unknown sources.

3. Install antivirus software and keep its virus definitions up to date. Before opening any file, scan email attachments with antivirus software and confirm the file type. Be alert if the file name contains unusual character sequences (such as lnk, rcs, exe, moc, etc., which are executable attachment extensions written in reverse order).

4. Strengthen internal communication and improve personnel's cybersecurity awareness to prevent hackers from using email for social engineering attacks.
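
A triage-side check for measure 3 above, as an added example that is not part of the NICS alert: it compares an attachment's SHA1 with the two hashes listed in this notice and flags file names whose stored extension is executable or whose display order is changed by Unicode bidirectional control characters, one common way a reversed extension such as "rcs" ends up visible in a name. The function names, the extension list and the sample file name are assumptions made for the illustration.

```python
import hashlib

# SHA1 values listed in this notice for the malicious attachments.
KNOWN_BAD_SHA1 = {
    "770e64e02d2cf2cac30d6074c201d44279996cbc",
    "e69b347f9608abaf31cab02f0a34b3dfa1d7c872",
}
# Extensions treated as executable (assumed list; extend per local policy).
EXEC_EXTS = {"lnk", "scr", "exe", "com"}
# Unicode bidirectional controls that can change how a name is displayed.
BIDI_CONTROLS = set("\u200e\u200f\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")
RLO = "\u202e"  # right-to-left override


def displayed_form(filename):
    """Approximate what a bidi-aware UI shows: text after RLO is drawn reversed."""
    head, sep, tail = filename.partition(RLO)
    tail = "".join(ch for ch in tail if ch not in BIDI_CONTROLS)
    return head + tail[::-1] if sep else filename


def inspect_attachment(filename, data, known_bad=KNOWN_BAD_SHA1):
    """Return the reasons an attachment looks suspicious (empty list if none)."""
    findings = []
    if hashlib.sha1(data).hexdigest() in known_bad:
        findings.append("sha1-matches-advisory")
    if any(ch in BIDI_CONTROLS for ch in filename):
        findings.append("bidi-control-in-name")
    # The real extension comes from the stored character order with the
    # controls stripped, not from what a file manager displays.
    logical = "".join(ch for ch in filename if ch not in BIDI_CONTROLS)
    _, dot, ext = logical.rpartition(".")
    if dot and ext.lower() in EXEC_EXTS:
        findings.append("executable-extension:" + ext.lower())
    shown = displayed_form(filename)
    if shown != filename:
        findings.append("displayed-as:" + shown)
    return findings


if __name__ == "__main__":
    # Constructed sample: stored as "report<RLO>cod.scr", shown as "reportrcs.doc".
    for reason in inspect_attachment("report\u202ecod.scr", b"constructed sample"):
        print(reason)
```
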

[References]
Attachment - Social Engineering Attacks_IOC: https://cert.tanet.edu.tw/pdf/report_IoC_1210.csv
