Malicious Multilingual ZIP Files Strike Banks and Government Offices

A sophisticated phishing campaign leveraging multilingual ZIP file lures has emerged across East and Southeast Asia, targeting government institutions and financial organizations with unprecedented coordination.

Security researchers utilizing Hunt.io’s AttackCapture™ and HuntSQL™ datasets have uncovered an interconnected network of 28 malicious webpages operating across three language clusters, revealing a scalable, automation-driven infrastructure designed to deliver staged malware payloads disguised as legitimate bureaucratic documents.

The campaign represents a significant evolution in regional cyber threats, demonstrating how adversaries are recycling identical web components—including scripts, page titles, and file naming conventions—across Chinese, Japanese, and English-language variants.

This multilingual approach enables threat actors to cast a wider net across Taiwan, Hong Kong, Japan, Indonesia, Malaysia, and other Southeast Asian nations, adapting their social engineering tactics to match local administrative and financial contexts.

Analysis of the campaign infrastructure reveals a remarkably consistent technical pattern. All identified webpages employ ...