A New Variant of FlawedGrace Spreading Through Mass Email Campaigns
2021-10-19 21:12

Cybersecurity researchers on Tuesday took the wraps off a mass-volume email attack staged by a prolific cybercriminal gang affecting a wide range of industries, with one of its region-specific operations notably targeting Germany and Austria.

Enterprise security firm Proofpoint tied the malware campaign with high confidence to TA505, the name assigned to a financially motivated threat group that has been active in the cybercrime business since at least 2014 and is behind the infamous Dridex banking trojan and other malicious tools such as FlawedAmmyy, FlawedGrace, the Neutrino botnet, and Locky ransomware.

The attacks are said to have started as a series of low-volume email waves, delivering only several thousand messages in each phase, before ramping up in late September and as recently as October 13, resulting in tens to hundreds of thousands of emails.

"The commonalities include similar domain naming conventions, email lures, Excel file lures, and the delivery of the FlawedGrace remote access trojan."

"Throughout the years the group heavily relied on third party services and tooling to support its fraudulent activities; the group now mostly operates independently from initial infection until monetization."

"TA505 is an established threat actor that is financially motivated and known for conducting malicious email campaigns on a previously unprecedented scale," Proofpoint said.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/CTB4FK5-AQg/a-new-variant-of-flawedgrace-spreading.html