Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

Update on Attacks by Threat Group APT-C-60 in 2026

0
Medium
Published: 07/13/2026 (07/13/2026, 12:54:54 UTC)
Source: AlienVault OTX General

Description

APT-C-60 is actively targeting organizations in Japan throughout 2026 using spear-phishing emails with Proton Drive links or RAR attachments. The attack involves extracting LNK files that execute obfuscated JavaScript via mshta.exe, leading to multi-stage payload delivery. The threat actor abuses legitimate developer services such as GitHub, GitLab, jsDelivr, and Codeberg to host malicious components and uses git.exe to execute scripts deploying SpyGlace malware versions 3.1.15 to 3.1.18. The campaign employs living-off-the-land techniques and persistence mechanisms to evade detection by blending malicious activity with legitimate traffic.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/13/2026, 21:17:30 UTC

Technical Analysis

APT-C-60 continues its targeted attacks against Japanese organizations in 2026 by leveraging spear-phishing emails containing Proton Drive links or RAR archives. Victims extract LNK files that invoke JavaScript execution through mshta.exe, initiating a multi-stage infection chain. The attackers exploit legitimate developer-oriented platforms and CDNs (GitHub, GitLab, jsDelivr, Codeberg) to host obfuscated JavaScript payloads and use git.exe to run scripts that deploy downloaders and loaders. This ultimately results in the delivery of SpyGlace malware versions 3.1.15 through 3.1.18. The campaign uses sophisticated living-off-the-land tactics and persistence techniques consistent with prior operations, aiming to evade detection by blending malicious traffic with normal corporate communications.

Potential Impact

Successful exploitation leads to multi-stage malware infection culminating in deployment of SpyGlace spyware, which can compromise victim systems and potentially exfiltrate sensitive information. The use of legitimate services and living-off-the-land binaries complicates detection and response efforts.

Mitigation Recommendations

No official patch or fix is available as this is a malware campaign rather than a software vulnerability. Organizations should focus on user awareness training to recognize spear-phishing attempts, restrict or monitor execution of LNK files and mshta.exe where feasible, and implement network controls to detect or block suspicious use of developer platforms and git.exe. Monitoring for known SpyGlace indicators and employing endpoint detection capable of identifying living-off-the-land techniques is recommended.

Affected Countries

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Author
AlienVault
Tlp
white
References
["https://blogs.jpcert.or.jp/en/2026/07/apt-c-60_2026.html"]
Adversary
APT-C-60
Pulse Id
6a54e01e0597d81e8ad9f7d0
Threat Score
null

Indicators of Compromise

Hash

ValueDescriptionCopy
hashc668ad9966fde17f8ea32339c958b506
hash5c5059e80d808ef02b3da0435deb143adcadf059
hash002e1207b96361fc4d53b10621225d61700003241fa38caacb411384b3d51135
hash0120a6396952aec3f05ec0b0efe25e2a1b73545d55d74a3ac0bcd359d29f52bb
hash0420fd9e5f9961458604909391fb0f1a353c17c986b55fc5722c1b68e41865df
hash0bda4beded9c2923fe16f20b7cbd7baf1a5b7078be5cde715592529a974f9bd9
hash0bf85d9065feb20ee946acf77c985cc7ec78de048ee41d8c5931e0e88873efaa
hash119ad3dce05b5ef3db5a76655ac050eac51e318f1f31351ac103693a0a849158
hash131c27c3dce040979044ac1d363050c5d226af76aef1454bbf87c7193f8fc747
hash131d8f72fde45c5ca1f662c510c3da16fbcd8ff6ef9b9fd893c25a9c8e8ec205
hash14d799f7897d25f7cfb4d1c86f43c791b6d778d2efd92b5fac4f65fc472bf501
hash151b2dc70d141c12a33d8e45a80659fc53a71734e27233326bff150ac87744ea
hash16bdde15cbf9190883c146bab495c8be73daff4fff5ffbf86b4ee46847103fba
hash18683bba19695d325372d195634afd2f76b14896ba68225ba51ea5a039f2f76d
hash1aaf59f05bb724d501cc9bcd6642ab8fd7347cf274d46c24719c9dced9b22bea
hash1ae423e91f6cd679f9ea5be879b07379633b05cd850c37a8a65cdeaf508d097e
hash1b25c3d56fdb195b427a9c3bfc1f0e98e77a15322e8d3fc53a18edcc4891847f
hash21ddfbf726caa6d0f32a6bbce8e619f75c81f884bca48564c7a0e5a84bf4bd39
hash22de84e8f29cba932cf65cf4dc1d333cb8b2e468204f97030712bee32691ac3b
hash23b37d2ebe683cec3b145b6f2234ee728b99228cf3774399fcfad9502daab9a9
hash248ded4723e9f5da793e5e42d1ba7c2293dd704718f149b84b3b9b818a1f51db
hash2952d72ad1d44f3d424600b8fa4076794e2e072ab46936012a5fb872c67ce189
hash2b650e2e2c46a52378aee70fbaff1ce5e832c759c5f937532047f52500428c4d
hash2c98781e39a091b370ebd748b495c45752b2c54cdf2c36814358c8c6bd3ae912
hash2d8def39b76ca17b419e5084832105c0167a171fdcc14eebd0c872ccb7bf9b0c
hash3b7a80fc62eb8b248fd0be0d94c78f1efe2f510499c68865a6d0c4ead6bc4055
hash3c509ec732979d8c91009d2c9f898bea81f3fc4064c3c56576257f61f9bfaaee
hash3e2bc0bd2eb84282086cc5946673b22414a16e982402f1f05ea57059d2962588
hash3f2f69a8403e6b4e02ebe65448caf6abb8e2fbd1f7636ec71599f2d2d5fac8fb
hash3f67b777660241a1afc39f2ec388cac933a9eb31b3a34bddd12e39e663f1b566
hash43d597783af656a35184021f5e20686896463a1712f9216e0217a2ca740e3935
hash44a4ac119349f525d877728b53fe38453a516881d577679caf08ab69312a695f
hash45b2ba7c7a39817e1421f2abe2f869fa16af9651a6c863ac59683268fb391fe6
hash48bb091e0cab562fe094e0ef6a77b434dba97380c09a707220cbd9ca37999484
hash50ebf107d522326c9a9db8821fe3263aa5136964faaf5dd183657bbb52725f84
hash5115277eabf2d22d49dcef1e155874387d8e783853bd86debf7ff58588aae35d
hash5272917261d7091a59e00f9d09cd7eb1d3e111115a5b367f79a66d0d7c7b01f4
hash555360fb918b959176d669ef0ed40ec0b5ee57005fc625109891a16d02952462
hash55640ad319208915593db8ad43724dddf6e6e17fc6b0014affa69c90f5cd1eb4
hash5ab41cf20315d2ea1385967d588159873a65ef5581a0b78de06c0d8617894194
hash5c3d820e032592f47ffb4850ae0183749199b3e0dca3413cd0c3cb631e322f1b
hash5e97848bebf521766910d9c8378e98bf7aa1ce4b06aeb6c3f86c31ababbe9663
hash60972abf5425c191c81bae117f1dedaea13d39bc52f367d5dff9ad1aa4b9c5ca
hash62a879b0d1c1649cc72b2b6f61a8f6bd888625ce6e8a7aefe0a0461e4f27c525
hash669002654c264191d4660fbf757860d930175649735f81370b9f1af3658a304c
hash6b84eab2aac7754b99d04365a83ec374e3cea99cc3223118a5f8fd545a8483e5
hash6cdc895eda4847f700d6f82fa2e3a8c72c10da1e16455985df855372142ebbd8
hash71819a1b856b49e7f194ce60468ed8e5ea925c75d01484f4d28ffcf69d480b36
hash771a47120b935e218322046e838347d722d265b91f1afdef91194a5bec86a97a
hash78c108be692f1c45ed1da1988e3c5ac792c832a78d0b6e8e6550763156fe8f97
hash7900c2772680523cadc9fe4e07300d45500191ba64ff5b91573531b133840b14
hash7aa76237a7686583cc526b9d1a8486a52bd44a448d75ced51e1df4ba29ddb163
hash7b297f18ece81e87608e158288cc9c06cb9f4a8f1b2d2256aecf7bba8d7be2ab
hash7c3d0bebd263d3529132f2299de55a7801bf3ff40c833b13838be7a98ea3475e
hash7d09891e26d56a8bec44c3fe9a5791f3a93e8fa31539951ae6e2c40af83ba42d
hash8114e3f213713dbbbacafcd0f62884a7826139b434bb3c77eae8dce656477621
hash83a22d4f61b054bda53a2ea4f506e97d818c7c961d8cd3975c1f2a51443cf95c
hash843c4dc402e96ed72d7716d980c99e5dfa222a2a322250b7c3755a00d142bc1f
hash866564bb455bb3c9f3e15cbbc1dcaf75c533a224eb96c4b6d6739e114ee1d065
hash86ab5161f761822d16637d4d34b84ca6e1f66cea905aa27510620c9cf5f170d8
hash86c49174a032ebbba6aeb1541e2aa84da0933b2eac3976f8705451c13bc7f325
hash899ce01e7313f4c1cfcf07cb2456282ded1d6b6c57286762f2914a9d60de0146
hash8a8cabe5f94e7f4c0ccca97f0c361618ec944df03d8b3bfcfdd76a25dd8f7a5a
hash8ba3997afa07ac60312edf5f2d16357d1532a140081d638a9e4653768026ac56
hash8f08ead23767e1e4389927c40af167122b477ad17a98d388c863342dc9259c5e
hash9394627e9c44cf2226ddf50012e5cf47ccf7d3bd8afa2395c635a93637e23502
hash94072d60170fc72a528f68b2b3826638dbb7283c8906e8051f53fe16eaf054f8
hash9706ee93f9b4b8214293e2ca4a68525eccaacfea58b135dcb2ea661a099ee9e6
hash9789d80077998010c47a6a02ef1241eab11b69d667de8751b1e93fed6df913eb
hash9a19598ea286d5f6fa0b7ff981ba21aff503fb217757f4dfbd496ead01805543
hasha18b5a78143f004f33aafad998b518ad9ee4dbdec44817a6e9b570e727d3e22c
hasha1f0e6a30dc9753c5cbc80fd9df50eb44aee5a2349223b915b758af746275320
hasha4c8a56070fe6f613e79a14554d0a1dba2f70ce2b93319e72972943cc66edf4a
hasha7981dfccd8e4bdc00133dc15b22472c1677d6270826863caa36e7d58ef50de0
hasha8bee6c4a5860b0ae08a984d2a6d62c13d3e91d9514262998924d2e0cef88f7c
hasha9287e3452ab09144120ecdd20ed7365de589d5dcad28dcd8e191742d1ce5744
hasha9fd615fce38756ba6de8994f200e4b846397648138a9a0e6ef3b5952ef5e68c
hashab5aba292c983db324987e9fde2e01fe24a979d1587888fcc7460c9489c54ee0
hashad1c890f458b94683464c4d6d6d41fe63551c2c06ba2a1b8f71d8acb6ab16de3
hashadd013bf7ffc8a89789a7fd0ae0ff799c620af9b2755b214880b6a56768fd48c
hashafca3bb9fb8d7a4ab4ceb9707f6d9a17352ccfb8ece83c68b01fbb419818e2fc
hashb3f0d48506ff868ba145c9dcad7622bc37b723155648053ce2e2e73d8ea30e93
hashb5458541732f91793ef89cc58ec5e46d04bf43985ab4e6dc5ad10b6da21581ec
hashc1faaff24d58af798c77d34405379df0a9e883e5bd1100a86d4c3e001414acd8
hashc4768d99445128c670a6f848bc69371872e4d6a2160dbe0073e62ffd786c94ee
hashc86f319f64d25f23ac29d9b53c9764f06a150634ee8e2d836424d460e5a99b52
hashc9295c923da64738b93ff1827a39a5cb8f6c71eab060de416c8175a4a67da524
hashcc2a6a3b4b771aba341293d2321e5f7b70cf517403fe44a58635b043e8868bdb
hashd14214e95c9d1ea850e508dfe27928494f2155a7597e4ea0bad9f70690abb397
hashd567af55c97b7a595fcde5082e37a752718044230c16704e24efb43025bed0c2
hashdeba513e2dc52a2931e61f5ac6d550a7938c1f7f63f661867c09d6141ee98560
hashe5f2c7068ade7b87d24c3b94bc749c351d53609f5fcaa48dce06234beaa2444f
hashe6a414a53206e25d061a11e63c7d381ab0eb80cd3d174bd13551e2c36f8b5c04
hashe8514a2372172b4975f77bf69d5e8b7708cfa60157b064fcab13d7a62a99cc55
hashf0af281623b422c1d45e7006d78678762341288c05abcb62648ce55c6b63acb6
hashf50a01ae446adfcaaddffe215abd94b5643211e83d52acf5de540abf9fb26045
hashfa53663bfb80e197483e1a1bf123b94fa869e2d7f42b5fdfbff2869589b65a05
hashfa98deb16bd72f2f77349c8c24de674a007a3d1ec8e88dd590791a57c08ab8f6
hashfd0c7713520bd19c3e2566e93696532aa7da39a0c5ce1a797b67ce777b56d395
hashffe5853d19be1acfe12bd681c7390d8fa88534a471020e6866a9e7c37d01fea2

Ip

ValueDescriptionCopy
ip213.111.158.200
ip213.111.158.201
ip213.111.158.216
ip31.58.136.207

Threat ID: 6a55526b68715ace43db71cb

Added to database: 07/13/2026, 21:02:35 UTC

Last enriched: 07/13/2026, 21:17:30 UTC

Last updated: 07/14/2026, 02:38:53 UTC

Views: 11

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

External Links

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses