Security Brief: TA547 Targets German Organizations with Rhadamanthys Stealer
What happened Proofpoint identified TA547 targeting German organizations with an email campaign delivering Rhadamanthys malware. This is the first time researchers observed TA547 use Rhadamanthys,...
From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering | Proofpoint US
Key takeaways TA427 regularly engages in benign conversation starter campaigns to establish contact with targets for long-term exchanges of information on topics of strategic importance to the No...
TA569 leverages many types of injections, traffic distribution systems (TDS), and payloads including, but not limited to, SocGholish. * In addition to serving as an initial access broker, these additional injects imply TA569 may be running a pay-per-install (PPI) service * TA569 may remove injections from compromised websites only to later re-add them to the same websites. * There are multiple opportunities for defense against TA569: educating users about the activity, using Proofpoint’s Emerging Threats ruleset to block the payload domains, and blocking .js files from executing in anything but a text editor.
Reservations Requested: TA558 Targets Hospitality and Travel
TA558 is a likely financially motivated small crime threat actor targeting hospitality, hotel, and travel organizations. * Since 2018, this group has used consistent tactics, techniques, and procedures to attempt to install a variety of malware including Loda RAT, Vjw0rm, and Revenge RAT. * TA558’s targeting focus is mainly on Portuguese and Spanish speakers, typically located in the Latin America region, with additional targeting observed in Western Europe and North America. * TA558 increased operational tempo in 2022 to a higher average than previously observed. * Like other threat actors in 2022, TA558 pivoted away from using macro-enabled documents in campaigns and adopted new tactics, techniques, and procedures.
* TA569 leverages many types of injections, traffic distribution systems (TDS), and payloads including, but not limited to, SocGholish. * In addition to serving as an initial access broker, these additional injects imply TA569 may be running a pay-per-install (PPI) service * TA569 may remove injections from compromised websites only to later re-add them to the same websites. * There are multiple opportunities for defense against TA569: educating users about the activity, using Proofpoint’s Emerging Threats ruleset to block the payload domains, and blocking .js files from executing in anything but a text editor.
Reservations Requested: TA558 Targets Hospitality and Travel
* TA558 is a likely financially motivated small crime threat actor targeting hospitality, hotel, and travel organizations. * Since 2018, this group has used consistent tactics, techniques, and procedures to attempt to install a variety of malware including Loda RAT, Vjw0rm, and Revenge RAT. * TA558’s targeting focus is mainly on Portuguese and Spanish speakers, typically located in the Latin America region, with additional targeting observed in Western Europe and North America. * TA558 increased operational tempo in 2022 to a higher average than previously observed. * Like other threat actors in 2022, TA558 pivoted away from using macro-enabled documents in campaigns and adopted new tactics, techniques, and procedures.
Reservations Requested: TA558 Targets Hospitality and Travel
* TA558 is a likely financially motivated small crime threat actor targeting hospitality, hotel, and travel organizations. * Since 2018, this group has used consistent tactics, techniques, and procedures to attempt to install a variety of malware including Loda RAT, Vjw0rm, and Revenge RAT. * TA558’s targeting focus is mainly on Portuguese and Spanish speakers, typically located in the Latin America region, with additional targeting observed in Western Europe and North America. * TA558 increased operational tempo in 2022 to a higher average than previously observed. * Like other threat actors in 2022, TA558 pivoted away from using macro-enabled documents in campaigns and adopted new tactics, techniques, and procedures.
