Operation GriefLure: Dissecting an APT Campaign Targeting Vietnam’s Military Telecom & Philippine Healthcare
ID: a9ae30b5-8cbe-5cd2-bfce-6858baf68663
STIX ID: report--a9ae30b5-8cbe-5cd2-bfce-6858baf68663
Feed Name: Seqrite Blog
Seqrite Labs documents "Operation GriefLure," a highly targeted spear‑phishing campaign that weaponized genuine victim documents to lure senior executives and investigators. Attackers delivered nested RAR/ZIP archives containing malicious LNK files that abuse ftp.exe to run hidden batch scripts, which assemble and execute a custom loader (sfsvc.exe) and a multi‑stage DLL (360.dll) enabling fileless execution, process injection, credential theft, screen capture and HTTP(S) C2 communication. Infrastructure pivoting and China‑nexus indicators suggest attribution with moderately high confidence.
