Bitter APT Targeting Chinese Nuclear Energy Organizations

While largely targeting organizations in the APAC region, this group has also been seen targeting organizations in Europe, indicating that it may pivot to compromising organizations worldwide in the future. As the initial compromise in this campaign stems from phishing, the best prevention is adequate user education on the latest phishing campaigns. However, this alone is not sufficient, as all it takes is one phishing attachment slipping through the cracks and getting executed to compromise an organization. For this campaign, monitoring emails for RAR attachments would be a good avenue for preventing compromise. Additionally, monitoring for suspicious child processes spawned by Excel or by CHM files is another avenue for detecting this campaign. In the end, it is recommended to implement a defense-in-depth strategy to ensure that future variations of this campaign are also caught.
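The two detection avenues named above, as an added example that is not part of the original summary: a content-based check for RAR attachments and a process-tree check for execution hosts spawned by Excel or by the CHM viewer (hh.exe). The log format, the parent/child image lists and the attachment bytes are constructed assumptions, not telemetry from the campaign.

```python
import re

# RAR archives start with the signature "Rar!\x1a\x07" (followed by \x00 for v4, \x01\x00 for v5),
# so a renamed .rar is still caught by content rather than by extension alone.
RAR_MAGIC = b"Rar!\x1a\x07"

# Parents that should rarely spawn a shell or script host on a workstation (assumption).
DOCUMENT_PARENTS = {"excel.exe", "hh.exe"}
# Child images that indicate code execution rather than document viewing (assumption).
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "rundll32.exe", "regsvr32.exe", "msiexec.exe"}

def is_rar_attachment(name: str, data: bytes) -> bool:
    """Flag an attachment as RAR by magic bytes or, failing that, by extension."""
    return data.startswith(RAR_MAGIC) or name.lower().endswith(".rar")

# Constructed Sysmon-like key=value layout; paths may contain spaces, so match non-greedily.
LOG_RE = re.compile(r"ParentImage=(?P<parent>.+?) Image=(?P<child>.+?)(?: \w+=|$)")

def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def suspicious_child_processes(log_lines):
    """Return (parent, child) pairs where a document viewer spawned an execution host."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        parent, child = _basename(m.group("parent")), _basename(m.group("child"))
        if parent in DOCUMENT_PARENTS and child in SUSPICIOUS_CHILDREN:
            hits.append((parent, child))
    return hits

# Constructed sample telemetry: two hits (Excel -> cmd, hh.exe -> powershell), two benign lines.
SAMPLE_LOG = [
    r"EventID=1 ParentImage=C:\Program Files\Microsoft Office\EXCEL.EXE Image=C:\Windows\System32\cmd.exe",
    r"EventID=1 ParentImage=C:\Windows\hh.exe Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe User=LAB\alice",
    r"EventID=1 ParentImage=C:\Program Files\Microsoft Office\EXCEL.EXE Image=C:\Windows\splwow64.exe",
    r"EventID=1 ParentImage=C:\Windows\explorer.exe Image=C:\Windows\System32\cmd.exe",
]

if __name__ == "__main__":
    print(suspicious_child_processes(SAMPLE_LOG))
    print(is_rar_attachment("invoice.pdf", RAR_MAGIC + b"\x01\x00"))
```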

https://www.bleepingcomputer.com/news/security/bitter-espionage-hackers-target-chinese-nuclear-energy-orgs/