In TA505 group’s latest campaign, they started using HTML attachments to deliver malicious .XLS files that lead to downloader and backdoor FlawedAmmyy, mostly to target users in South Korea. We also touch on the latest TA505 developments, including an email stealer, their use of legitimate software and MSI Installer, and more.
Read More
The cybercriminal group Lazarus, and particularly its subgroup Bluenoroff, has a history of attacking financial organizations in Asia and Latin America. There seems to be a resurgence of activity from the group, and recent events show how their tools and techniques have evolved. We discovered that they successfully planted their backdoor into several machines of financial institutions across Latin America.
Read More