Pakistan-linked threat group uses compromised WordPress sites to deliver Warzone RAT to manufacturing companies in Taiwan and South Korea. Aggah, believed to be affiliated with Pakistan, is delivering the RAT in a campaign aimed at spreading malware. The campaign, which began in early July, uses spoofed email addresses appearing to originate with legitimate customers of the manufacturers, researchers said. The Warzone malware is available for purchase on the dark web and is available on cracked versions of the commodity infostealer available on GitHub.”]
Source: https://threatpost.com/aggah-wordpress-spearphishing/168657/