Hacking Syndicate TA505 Back with Focus on Info-Stealing Trojan
A prolific hacking syndicate is back with a fresh campaign that appears to push a new remote access trojan (RAT) onto people's computers, opening a backdoor and aiding the theft of banking information and other credentials.
The syndicate behind the campaign is assumed to be TA505, a well-resourced group that has been active since 2014, if not earlier. The hackers are responsible for a few very large cyber attacks carried out in recent years, in which victims were hit with ransomware strains such as Jaff and Locky, the banking Trojan Dridex, and other malicious programs.
A large number of these attacks were launched through the Necurs botnet, a very big spam generator that online crooks use.
Researchers from the security company Proofpoint have detailed TA505's latest attack campaign. Like other cyber-criminal gangs that have changed their attack tools, TA505 has shifted its focus from banking Trojans and ransomware to RATs.
Researchers have dubbed the particular RAT that TA505 is using tRat. It is primarily used to attack financial institutions in order to grab financial data, credentials and other details useful for online criminals' operations. According to security researchers, tRat possibly has other capabilities that have not yet been tried in criminal operations.
Researchers detected the malware attack in late September. It involved phishing e-mails serving so-called secure files that the targets were required to view. An updated, slightly more advanced edition of the attack was noticed in October. This one used various subject lines associated with invoices from various companies, such as logistics and equipment companies.
TA505's switch to Trojans apparently indicates a change in the gang's techniques: after initially looking mainly for short-term profits, it now seems to be extending its game.
Speaking of TA505, Dawson states that the syndicate's constant adoption and examination of info stealers and RATs indicates a wider shift from extremely destructive malware such as ransomware to persistent, stealthy malicious programs that yield monetary returns over a longer period.
» SPAMfighter News - 11/22/2018