This week the Nuspire Security Analytics Team observed a new spike on TA505 activity targeting industries such as Finance, Automotive, Healthcare, and Government, among others. The threat group has modified and stabilized their social engineering technique, they were observed sending emails with an attached HTML page that contained malicious JavaScript code, which directed the victims to a compromised website that mimicked legitimate website pages, such as OneDrive, Dropbox, or Naver, through a compromised machine controlled by the intrusion set.
Nuspire continues to monitor threat actors and new and renewed exploits to share potential ways to mitigate risks. Also, the company recently published its Q2 Threat Report highlighting the increase in both botnet and exploit activity over the course of Q2 2020 by 29% and 13% respectively.
Support the originator by clicking the read the rest link below.
