TA505 Remains Active in Asia

11 - 18 June 2019

The prolific TA505 cybercriminal group has continued to target users in Asia, particularly South Korea, China and Taiwan, with various malware delivered via phishing emails. The emails contain a macro-embedded Office attachment or a link to download the malicious document. When the attachment is opened, an embedded script leverages legitimate Windows OS processes, or living-off-the-land binaries (LOLbins), to install the FlawedAmmyy downloader, the ServHelper backdoor or the Remote Manipulator System remote access tool (RMS RAT). In a recent campaign, TA505 also deployed a new EmailStealer via the Amadey downloader to hijack email accounts or pilfer SMTP credentials from infected hosts.



Shifting Tactics: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns
