TA551 malspam campaign spoofs email chains to install IcedID info-stealer

In a new phishing campaign, the offending emails arrive in inboxes with attached, password-protected zip archives containing Word documents. (Photo by Justin Sullivan/Getty Images)

A phishing campaign has been attempting to disguise spam as an email chain, using genuine messages taken from email clients on previously compromised hosts.


Cybercriminal group TA551, aka Shathak, is behind the operation, which is known to spread information-stealing malware such as Ursnif, Valak and IcedID, according to a blog post today from the Unit 42 threat research team at Palo Alto Networks.


The campaign typically targets English-speaking victims and dates back as far as Feb. 4, 2019. However, more recently it has expanded its targets to include German, Italian and Japanese speakers. In the past, the attackers sometimes would use Ursnif and Valak as downloaders to secondarily distribute IcedID, but since July 2020 it appears they have focused exclusively on IcedID, delivering it instead via malicious macros.
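The delivery pattern described so far (a message dressed up as a reply in an existing thread, carrying a password-protected ZIP that holds a Word document) is something a mail gateway or triage script can check for without opening the document. The following is an added example written for this article, not code from Unit 42 or from the original post. It constructs its own sample message and archive inline; the "reply subject with no In-Reply-To/References header" heuristic and the set of Word extensions it flags are the example's assumptions, not something the article states.

```python
"""Defender-side triage of an inbound email for the lure pattern described above:
an encrypted ZIP attachment containing a Word document, inside a message posing as a
reply. Added example with constructed sample data; not a real TA551 message."""
import email
import email.policy
import io
import struct
import zipfile
import zlib
from email.message import EmailMessage

# Assumption: Word document extensions worth flagging inside an encrypted archive.
WORD_EXTS = (".doc", ".docm", ".docx")


def build_encrypted_zip(member_name: str, payload: bytes) -> bytes:
    """Construct a minimal ZIP with one STORED entry whose general-purpose bit 0
    (entry is encrypted) is set. Python's zipfile cannot write encrypted archives, so
    the headers are packed by hand; the payload is not really encrypted because only
    the flag matters to the detector."""
    name = member_name.encode("ascii")
    crc = zlib.crc32(payload) & 0xFFFFFFFF
    flags = 0x0001  # bit 0: encrypted entry
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flags, 0, 0, 0,
                        crc, len(payload), len(payload), len(name), 0) + name + payload
    central = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, flags, 0, 0, 0,
                          crc, len(payload), len(payload), len(name), 0, 0, 0, 0, 0, 0) + name
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1, len(central), len(local), 0)
    return local + central + eocd


def build_sample_email() -> bytes:
    """Constructed sample: a fake reply with the lure attached (no real campaign data)."""
    msg = EmailMessage(policy=email.policy.default)
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "Re: invoice for last month"  # reads like a reply ...
    # ... yet carries no In-Reply-To/References headers, which a genuine reply normally has
    msg.set_content("Please see the attached document. Password: 1234")
    # Constructed member: OLE2 magic bytes followed by padding, standing in for a .doc file
    msg.add_attachment(build_encrypted_zip("request.doc", b"\xd0\xcf\x11\xe0" + b"\x00" * 16),
                       maintype="application", subtype="zip", filename="request.zip")
    return msg.as_bytes()


def triage_email(raw: bytes) -> dict:
    """Return indicators found in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    result = {"encrypted_zip": False, "word_in_zip": [], "fake_reply": False}

    # Heuristic (assumption): reply-style subject without any threading headers.
    subject = str(msg["Subject"] or "").strip().lower()
    if subject.startswith(("re:", "fw:", "fwd:")) and not (msg["In-Reply-To"] or msg["References"]):
        result["fake_reply"] = True

    # Inspect ZIP attachments by content, not by declared MIME type or file name.
    for part in msg.iter_attachments():
        data = part.get_content()
        if not isinstance(data, bytes) or not data.startswith(b"PK\x03\x04"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.flag_bits & 0x1:  # entry-level encryption flag
                        result["encrypted_zip"] = True
                    if info.filename.lower().endswith(WORD_EXTS):
                        result["word_in_zip"].append(info.filename)
        except zipfile.BadZipFile:
            continue  # malformed archive: not this detector's concern

    result["suspicious"] = result["encrypted_zip"] and bool(result["word_in_zip"])
    return result


if __name__ == "__main__":
    print(triage_email(build_sample_email()))
```

The archive's central directory is readable without the password, so the member names and the encryption flag are available to a gateway even though the document itself cannot be scanned; the "fake reply" indicator is weaker on its own and is better used to raise a score than to block outright.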


The offending emails arrive in inboxes with ..