A financially motivated gang is targeting retailers and financial institutions around the world using remote access software.
CyberInt's Research Lab has found that TA505 is using tactics and an off-the-shelf commercial remote administration tool, developed by Russian-based company TektonIT. The group was behind attacks on the global financial industry between December 2018 and February 2019 and is using the same techniques, according to the company.
Proofpoint says that according to its actor profile, "TA505 is responsible for the largest malicious spam campaigns we have ever observed, distributing instances of the Dridex banking Trojan, Locky ransomware, Jaff ransomware, The Trick banking Trojan and several others in very high volumes."
"Although they are using phishing and social engineering to get the software into the organisations, once its installed, it’s virtually undetectable by traditional threat protection systems because it’s legitimate software,” says Adi Peretz, senior strategic consultant and head of research at CyberInt. “They are still very much active and this is only the beginning of our deep-dive investigation.”
No tags.
