Security News > 2023 > February > Hacker develops new 'Screenshotter' malware to find high-value targets
A new threat actor tracked as TA886 targets organizations in the United States and Germany with new custom malware to perform surveillance and data theft on infected systems.
The threat actor targets victims using phishing emails that include Microsoft Publisher attachments with malicious macros, URLs linking to.
If the recipients of these emails click on the URLs, a multi-step attack chain is triggered, resulting in the download and execution of "Screenshotter," one of TA886's custom malware tools.
Proofpoint says TA886 is actively involved in the attacks, checking the stolen data and sending commands to its malware during times that resemble a regular workday in the UTC+2 or UCT+3 time zone.
Proofpoint has attempted to find overlaps and similarities with past reports describing similar TTPs, but it could not make any definitive connections.
TA886 attacks are still underway, and Proofpoint warns that Active Directory profiling should be a cause of concern, as it could compromise all domain-joined hosts with information-stealing malware.
News URL
Related news
- FIN7 hackers launch deepfake nude “generator” sites to spread malware (source)
- N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- Unpatched Mazda Connect bugs let hackers install persistent malware (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Chinese hackers target Linux with new WolfsBane malware (source)