08 December 18, 09:46
Quote:Multiple high-profile U.S. retail, restaurant, and grocery chains have been targeted by massive malicious email campaigns that peddled the Remote Manipulator System (RMS) tool and the FlawedAmmyy remote access trojan (RAT) since November 15.
"We attributed these campaigns to TA505, the actor behind the largest Dridex and Locky ransomware campaigns of the last two years and more recently associated with distribution of remote access Trojans (RATs) and downloaders," according to Proofpoint.
The researchers also observed that the email attachments included with the malicious emails distributed by the TA505 campaigns were personalized with the targeted company's logo to make them more credible and, hence, more efficient.
Moreover, targeting marks from the retail industry during the hectic holiday shipping season with the help of custom malicious emails shows yet again the TA505's predisposition to adapt their attacks to follow the money trail.
Proofpoint also stated that "When this group changes tactics, it tends to correspond to broader shifts and, throughout the year, we have seen both TA505 and a number of other actors focus on downloaders, RATs, information stealers, and banking Trojans, often in smaller, more targeted campaigns."
Source: https://news.softpedia.com/news/commerci...4170.shtml
![[-]](https://www.geeks.fyi/images/collapse.png)
