TA505 Gang Is Back With Newly Polished FlawedGrace RAT

2021-10-19 09:00

The TA505 cybercrime group is whirring its financial rip-off machinery back up, pelting malware at a range of industries in what was initially low-volume waves that researchers saw spiral up late last month.

In an analysis published on Tuesday, Proofpoint said that its researchers have been tracking renewed malware campaigns from TA505 that started out slowly at the beginning of September - with only several thousand emails per wave, distributing malicious Excel attachments - and then pumped up the volume later in the month, resulting in tens to hundreds of thousands of emails by the end of September.

Many of the campaigns - particularly the heftier ones - "Strongly resemble" what the gang was up to between 2019 and 2020, including similar domain naming conventions, email lures, Excel file lures, and the delivery of the FlawedGrace RAT, according to the writeup.

In the early September waves of email attacks, TA505 used more specific lures that didn't affect as many industries as the more recent October 2021 campaigns Proofpoint researchers said.

By the time that the campaigns ramped up in late September/early October, TA505 was targeting more industries, and the gang began to use both URL- and attachment-based email campaigns.

Proofpoint picked up on similarities between current and older TA505 campaigns.

News URL

https://threatpost.com/ta505-retooled-flawedgrace-rat/175559/

#RAT