A compromised site we saw yesterday delivering Hawkeye keylogger /Infostealer is being used today in an Agent Tesla campaign. I am not 100% positive it is the same bad actors involved but the distribution method, Sites and hosting companies involved in sending the emails, together with the email template style ( the way they use the recipient’s email address in the subject line ) suggests it probably is. However whoever is actually sending these today are not making the same careless or stupid mistakes that we have been seeing recently with the hawkeye campaigns. They are using email addresses and … Continue reading →