Hacker TA866: Thousands of emails sent for a phishing campaign

The hacker group known as TA866, after a break lasting several months, seems to be back in business with a new, far-reaching phishing campaign.

According to researchers at Proofpoint, the cybercriminal group is reportedly responsible for an operation in North America, with thousands of emails sent to potential victims.

Apparently, the emails contain a PDF attachment with a URL that directs the reader to OneDrive. If the link is clicked, it launches an infection involving a variant of the WasabiSeed malware. This, in turn, involves downloading and running additional payloads.

Among the various malicious agents, there is talk of Screenshotter. As you can guess from the name, it is a tool that allows the hacker to take screenshots from the compromised device.

TA866 Phishing Campaign: The use of OneDrive is a first for the group

For Proofpoint, the campaign in question resembles another similar action undertaken by TA866 last March.

Compared to the previous operation, however, there are some substantial changes, such as the use of OneDrive and the absence of malicious links in the body of the email.
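Because the link now sits inside the PDF attachment rather than in the email body, a mail filter that only inspects body links will not see it. The following Python check is an added example, not code from Proofpoint or from the original article: it pulls link targets out of PDF attachments and flags those pointing to OneDrive. It assumes uncompressed link annotations, the OneDrive hostnames listed are assumptions, and the sample message is constructed.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Assumption: hostnames commonly used for OneDrive sharing links.
ONEDRIVE_HOSTS = ("1drv.ms", "onedrive.live.com")
ONEDRIVE_SUFFIXES = ("-my.sharepoint.com",)
# Matches uncompressed PDF link actions such as: /URI (https://host/path)
URI_ACTION = re.compile(rb"/URI\s*\((.*?)(?<!\\)\)", re.S)


def pdf_link_targets(pdf_bytes):
    """Return URLs found in uncompressed /URI actions of a PDF."""
    found = URI_ACTION.findall(pdf_bytes)
    return [u.replace(b"\\(", b"(").replace(b"\\)", b")").decode("latin-1") for u in found]


def is_onedrive(url):
    """True when the URL's hostname is one of the assumed OneDrive hosts."""
    host = (urlparse(url).hostname or "").lower()
    return host in ONEDRIVE_HOSTS or host.endswith(ONEDRIVE_SUFFIXES)


def flag_message(raw_email):
    """Return (attachment name, URL) pairs for PDF attachments linking to OneDrive."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        if part.get_content_type() != "application/pdf":
            continue
        for url in pdf_link_targets(part.get_content()):
            if is_onedrive(url):
                hits.append((part.get_filename(), url))
    return hits


def build_sample():
    """Constructed message: clean body, PDF attachment with one link annotation."""
    pdf = (b"%PDF-1.4\n1 0 obj\n<< /Type /Annot /Subtype /Link "
           b"/A << /S /URI /URI (https://1drv.ms/u/s!EXAMPLE-PLACEHOLDER) >> >>\nendobj\n%%EOF\n")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Document"
    msg.set_content("Please see the attached document.")
    msg.add_attachment(pdf, maintype="application", subtype="pdf", filename="document.pdf")
    return msg.as_bytes()
```

Links stored inside compressed object streams are not visible to this regex; a full PDF parser would be needed to cover them.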

The researchers describe TA866 as organized and “capable of executing well-thought-out attacks on a large scale”, able to use customized tools and to exploit new and advanced ones. As reported by experts, the group conducts both crimeware and cyber-espionage campaigns. In this case, however, it seems that TA866 is driven by a purely economic motive.

This highlights, once again, that phishing is a real danger. To avoid possible risks, it is essential to exercise great caution when dealing with e-mail and to rely on a security suite able to provide adequate guarantees.
