TA505 Remains Active in Asia
The prolific TA505 cybercriminal group has continued to target users in Asia, particularly South Korea, China and Taiwan, with various malware delivered via phishing emails. The emails contain a macro-embedded Office attachment or a link to download the malicious document. When the attachment is opened, an embedded script leverages legitimate Windows OS processes or living-off-the-land binaries (LOLBins) to install the FlawedAmmyy downloader, the ServHelper backdoor or the Remote Manipulator System remote access tool (RMS RAT). In a recent campaign, TA505 also deployed a new EmailStealer via the Amadey downloader to hijack email accounts or pilfer SMTP credentials from infected hosts.