Quote:Two waves of global financial phishing attacks that swamped at least 50 organizations in December have delivered three new malware families, according to a report from FireEye’s Mandiant cybersecurity team.
On Tuesday, the team said that they’ve dubbed the hitherto-unseen malware strains Doubledrag, Doubledrop, and Doubleback. What Mandiant called the “trifecta” spear-phishing campaign twice hit a wide swath of industries worldwide: first on Dec. 2, 2020, with a second wave launched between Dec. 11 and Dec. 18, 2020.
The US was the primary target for attacks in both waves, while EMEA and Asia and Australia shared equal suffering in the first wave.
Mandiant tracks the threat actor as UNC2529 and says that these guys are pros. Given the “considerable” infrastructure they have at their disposal, their carefully crafted phishing lures, and what the researchers called the “professionally coded sophistication” of the malware, the team says that the UNC2529 attackers seem “experienced and well-resourced.”
The UNC2529 gang researched their targets well, tailoring their phishing email subject lines to their intended victims. In one instance, the threat actors masqueraded as an account executive for a small, California-based electronics manufacturer, sending out seven phishing emails that targeted a slew of industries, from medical to defense. All of the emails contained subject lines that were specific to the products of the company that the threat actors were pretending to be associated with.
Read more: Phishing Attacks Spawn Three New Malware Strains | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
