TA505 hackers thwarted at the door of a big financial org

A failed attempt to breach a big financial institution is providing new data on a global criminal hacking group known for authoring the widely-used Locky ransomware. The group, dubbed TA505, has stalked financial organizations on multiple continents. Boston-based security company Cybereason says earlier this month it blocked a hack from the group against an unnamed financial institution. “This malware is part of a larger campaign” against organizations that was precise in its targeting, Eli Salem, a Cybereason security analyst, told CyberScoop. The fresh threat intelligence from the breach attempt includes a revamped backdoor and an example of how the hackers are signing their malicious code using a legitimate certificate – a hallmark of advanced groups looking to avoid detection. TA505 is known for writing the Windows-based Locky ransomware that emerged in February 2016. At its height, Locky was one of the most common ransomware strains, employed in mass email campaigns for […]

The post TA505 hackers thwarted at the door of a big financial org appeared first on CyberScoop.

Proofpoint: Hackers testing new reconnaissance malware on financial institutions

Hackers appear to be testing a new strain of malicious software in phishing emails sent to commercial banks and other targets, researchers from the security vendor Proofpoint said in a report published Thursday. The malware, dubbed tRat, employs modular capabilities, meaning it infiltrates a target for reconnaissance purposes and maintains the ability to download malicious payloads in the future. Proofpoint says tRat is being used by a group known as TA505, and by another unidentified threat actor that used tRat as recently as October. Researchers say they haven’t observed the remote access trojan (RAT) being used to download any other malware to victims’ systems, so the purpose of this campaign remains unclear. “[W]e can only speculate on what the eventual capabilities of the RAT may be,” Chris Dawson, threat intelligence lead at Proofpoint, told CyberScoop in an email. Proofpoint describes TA505 as a financially motivated threat group that has been involved in distributing […]

The post Proofpoint: Hackers testing new reconnaissance malware on financial institutions appeared first on CyberScoop.

Report: Modular ‘Marap’ malware campaign sets the table for bigger hacks

A newly discovered malware campaign that currently conducts simple reconnaissance has the versatility to download additional capabilities onto a victim’s system, according to a report published Thursday by Proofpoint. Researchers say the malware, which is named “Marap” after a detail in its command and control (C&C) server, bears similarity to other campaigns associated with a threat actor known as TA505. Proofpoint says it has observed “millions of messages” in a malicious email campaign earlier this month. Emails tend to have various types of attachments, such as PDF files and Microsoft Word documents, laced with the Marap malware. Some of the phishing documents co-opt the name of a major U.S. bank in their fake communications, Proofpoint says. So far, the researchers say that the only functionality they’ve observed in Marap is to fingerprint systems it infects. The malware gathers basic information — usernames, domain names, IP addresses, country, anti-virus software detected […]

The post Report: Modular ‘Marap’ malware campaign sets the table for bigger hacks appeared first on CyberScoop.