New APT Group Impersonates Government Agencies to Spread Malware
A new threat group known as TA2101 has been impersonating the US Postal Service, the German Federal Ministry of Finance, and the Italian Revenue Agency to spread malware. The phishing campaigns delivering malicious attachments have been observed since the end of October and required users to enable macros after opening the attachment. Doing so would initiate the download of the Cobalt Strike pentesting tool or the IcedID banking trojan, which could be used to install and execute second-stage payloads. The threat actors also targeted IT support companies to distribute the Maze ransomware to all customers of the managed service provider.
References: TA2101 Plays Government Imposter to Distribute Malware to German, Italian, and US Organizations