At the time of writing, the malware campaign spreads tens of thousands of malicious emails with each of its phases.Īccording to researchers, this malware campaign is similar to the TA505 hacker group’s activity from 20, using the same or similar email and Excel file lures, and domain naming conventions, as well as delivering a version of the FlawedGrace RAT that is known to have been created by the TA505 group. The MirrorBlast/FlawedGrace campaign is said to have started as a smaller-scale distribution of infected emails (only a couple of thousands at a time) before increasing in volume towards the end of last month. The Morphisec cybersecurity firm is also keeping tabs on this latest TA505 malware campaign, dubbing it MirrorBlast. The group has been around since 2014, at the very least, and is responsible for the creation and use of infamous malware threats such as the Dridex banking Trojah, FlawedGrace, FlawedAmmyy, the Locky Ransomware, Neutrino botnet, and more. TA505 is a group of threat actors motivated by financial gain that has established itself over the years as one a trendsetter in the fields of cybercrime due to its constantly shifting tactics and malware campaigns of unprecedented scale. Among the more notable targets of the campaign are Austria and Germany. The campaign is said to be targeted at a wide range of businesses and organizations without being limited to any particular geographical region. Yesterday (Tuesday, 20th of October), security researchers at the Proofpoint firm uncovered a large-scale malicious email campaign performed by the notorious TA505 hacker group that distributes a variant of the FlawedGrace RAT (Remote Access Trojan).
0 kommentar(er)
