Attack Exploiting Legitimate Service by APT-C-60
ID: 183896c3-57ae-5a4e-8d55-8e57d9cc8e7e
STIX ID: report--183896c3-57ae-5a4e-8d55-8e57d9cc8e7e
Feed Name: JPCERT Blog
JPCERT/CC reports that in August 2024 APT-C-60 likely targeted a Japanese organization with a spearphishing email posing as a job applicant. The lure led victims to download a VHDX image from Google Drive; the mounted image contained LNK files that launched a downloader (SecureBootUEFI.dat), which abused StatCounter and Bitbucket to retrieve and execute a multi-stage payload culminating in the SpyGlace backdoor. The analysis details the infection flow, downloader and backdoor behavior, persistence via COM hijacking, C2 infrastructure and URLs, backdoor commands, and a list of malware hashes and related IOCs.
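The persistence technique named above, COM hijacking, works because COM class lookups consult HKCU\Software\Classes\CLSID before HKLM, so a per-user InprocServer32 or LocalServer32 entry silently replaces a legitimate machine-wide server. The following hunting script is an added example written for this page; it is not code from the JPCERT/CC post and does not use any CLSID or path from that report. It enumerates every per-user COM registration, flags those that shadow a machine-wide CLSID, and checks whether the registered server lives outside a set of trusted directories. The trusted-root list is an assumption for illustration and should be tuned to the environment.

```powershell
# Added example (not from the JPCERT/CC analysis): hunt for per-user COM
# registrations that shadow machine-wide CLSIDs, the pattern COM hijacking
# leaves behind. No CLSIDs or paths from the original report are used here.

function Get-ComHijackCandidate {
    [CmdletBinding()]
    param(
        # Assumed set of directories where a legitimate COM server is expected to live.
        [string[]] $TrustedRoots = @(
            "$env:SystemRoot\",
            "$env:ProgramFiles\",
            "${env:ProgramFiles(x86)}\"
        ) | Where-Object { $_.Length -gt 1 }
    )

    $userClsidRoot = 'Registry::HKEY_CURRENT_USER\Software\Classes\CLSID'
    if (-not (Test-Path -Path $userClsidRoot)) { return }

    foreach ($clsidKey in Get-ChildItem -Path $userClsidRoot -ErrorAction SilentlyContinue) {
        $clsid = $clsidKey.PSChildName
        foreach ($serverKind in 'InprocServer32', 'LocalServer32') {
            $serverKey = Join-Path -Path $clsidKey.PSPath -ChildPath $serverKind
            if (-not (Test-Path -Path $serverKey)) { continue }

            # The default value of the server subkey is the DLL/EXE that COM will load.
            $userServer = (Get-ItemProperty -Path $serverKey -ErrorAction SilentlyContinue).'(default)'
            if ([string]::IsNullOrWhiteSpace($userServer)) { continue }

            # If the same CLSID exists under HKLM, the HKCU entry takes precedence and shadows it.
            $machineKey = "Registry::HKEY_LOCAL_MACHINE\Software\Classes\CLSID\$clsid\$serverKind"
            $machineServer = $null
            if (Test-Path -Path $machineKey) {
                $machineServer = (Get-ItemProperty -Path $machineKey -ErrorAction SilentlyContinue).'(default)'
            }

            # Expand %VARS% and strip quotes so the path can be compared and tested on disk.
            $expanded = [Environment]::ExpandEnvironmentVariables($userServer).Trim('"')
            $inTrusted = $false
            foreach ($root in $TrustedRoots) {
                if ($expanded.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                    $inTrusted = $true
                    break
                }
            }

            [pscustomobject]@{
                CLSID         = $clsid
                ServerType    = $serverKind
                UserServer    = $expanded
                MachineServer = $machineServer
                ShadowsHKLM   = [bool]$machineServer
                OutsideTrust  = -not $inTrusted
                # False for LocalServer32 values that carry command-line arguments; inspect those manually.
                FileExists    = Test-Path -LiteralPath $expanded
            }
        }
    }
}

# Highest-signal rows: a per-user override of an existing machine-wide CLSID whose
# server sits outside the trusted roots (for example under %APPDATA% or %TEMP%).
Get-ComHijackCandidate |
    Where-Object { $_.ShadowsHKLM -and $_.OutsideTrust } |
    Format-Table -AutoSize
```

Run it in the context of each interactive user, since HKCU is per user; on a shared host, iterate over the loaded hives under HKEY_USERS instead. A hit is not proof of compromise (some legitimate installers register per-user COM servers), but a per-user override of a CLSID that Explorer or a scheduled task loads at logon, pointing at a recently written file in a user-writable directory, is exactly the shape the persistence described in the report takes.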
