Novel Email-Based Campaign Targets Bloomberg Clients with RATs

2021-04-21 12:00

A new email-based campaign by an emerging threat actor aims to spread various remote access trojans to a very specific group of targets who use Bloomberg's industry-based services.

Researchers have been tracking the email based campaign since Fajan first commenced activity in March, recovering a "Relatively low volume" of samples that make it tricky to determine "Whether the campaigns are carefully targeted or mass-spammed," according to a report posted online Wednesday.

Attacks start in the form of what look like targeted emails to clients of Bloomberg BNA, which has since been rebranded Bloomberg Industry Group.

"The attachment name always contains some form of the Bloomberg BNA Invoice name combined with a random number specific for a particular campaign," Svajcer explained.

"Some early examples of campaign email messages contain a second attachment containing a copy of the email body text as a clean RTF file."

One of the RATs observed in the campaign was identified as NanoCore RAT, a commercial trojan which has been available for purchase since at least 2013, according to the report.

News URL

https://threatpost.com/email-campaign-targets-bloomberg-clients/165514/

#email #RAT