Russian cybercrime gang targets finance firms with stealthy macros
2021-10-15 13:58

A new phishing campaign dubbed MirrorBlast is deploying weaponized Excel documents that are extremely difficult to detect to compromise financial service organizations.

The most notable feature of MirrorBlast is how rarely security software detects the campaign's malicious Excel documents, which puts firms that rely solely upon detection tools at high risk.

The developers of these malicious documents have made considerable effort to obfuscate malicious code, achieving zero detections on VirusTotal.

These optimized documents have drawbacks that the actors are apparently willing to accept as trade-offs.

The actors behind the campaign appear to be 'TA505,' an active Russian threat group that has a long history of creativity in the way they lace Excel documents in malspam campaigns.

TA505 is a highly sophisticated threat actor that has been known for a wide range of malicious activity over the years.


News URL

https://www.bleepingcomputer.com/news/security/russian-cybercrime-gang-targets-finance-firms-with-stealthy-macros/