Security News > 2021 > October > Email phishing crapcannon operators TA505 are back from the dead, researchers warn

A prolific email phishing threat actor - TA505 - is back from the dead, according to enterprise security software slinger Proofpoint.
TA505, which was last active in 2020, restarted its mass emailing campaigns in September - armed with new malware loaders and a RAT. "Many of the campaigns, especially the large volume ones, strongly resemble the historic TA505 activity from 2019 and 2020," said Proofpoint in a statement today.
"The commonalities include similar domain naming conventions, email lures, Excel file lures, and the delivery of the FlawedGrace remote access trojan."
Common phishing lures include insurance claims paperwork and emails claiming to have secure messages attached.
Attachments in the phishing emails include Excel spreadsheets and HTML files linking to malware-laden Excel files.
Should someone open a tainted attachment or click a phishing link in a TA505 message, the malware downloads a Microsoft Installer package, which in turn executes a loader written in the KiXtart scripting language.