Email phishing crapcannon operators TA505 are back from the dead, researchers warn
2021-10-19 17:15

A prolific email phishing threat actor - TA505 - is back from the dead, according to enterprise security software slinger Proofpoint.

TA505, which was last active in 2020, restarted its mass emailing campaigns in September - armed with new malware loaders and a RAT. "Many of the campaigns, especially the large volume ones, strongly resemble the historic TA505 activity from 2019 and 2020," said Proofpoint in a statement today.

"The commonalities include similar domain naming conventions, email lures, Excel file lures, and the delivery of the FlawedGrace remote access trojan."

Common phishing lures include insurance claims paperwork and emails claiming to have secure messages attached.

Attachments in the phishing emails include Excel spreadsheets and HTML files linking to malware-laden Excel files.

Should someone open a tainted attachment or click a phishing link in a TA505 message, the malware downloads a Microsoft Installer package, which in turn executes a loader written in the KiXtart scripting language.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/10/19/ta505_email_phishing_threat_group_returns/