Email-based TA551 attack campaign

Security researchers from Palo Alto Networks warn of a current email-based attack campaign, TA551, which now also targets German-, Italian- and Japanese-speaking victims. Malware-infested email attachments are old hat – but I'm posting the warning here.

Security researchers at Palo Alto Networks have been investigating the recent activities of TA551. TA551, also known as Shathak, is an email-based malware attack campaign that had so far targeted English-speaking victims. In TA551's recent activity, however, the cybercriminals are also targeting German-, Italian- and Japanese-speaking victims.

[Image: KRITIS-Netzwerk (Source: Pexels, Markus Spiske, CC0 license)]

Email with malware attached

The initial email pretends to be part of an existing email chain. These email chains are harvested from email clients on previously infected hosts. The message carries an attached ZIP archive and text telling the recipient the password needed to open the attachment. Inside the ZIP archive the victim finds a Microsoft Word document with macros. If the victim enables macros on a vulnerable Windows computer, the host retrieves an installer DLL for the IcedID malware, which then infects the machine.
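The lure shape described above (reply-chain pretext, password handed over in the body, password-protected ZIP holding a macro-capable Word file) can be triaged mechanically before a message reaches a user. The following is an added example, not code from this article or from Palo Alto Networks: the message, filenames and password are constructed, and the ZIP's encryption flag is patched in by hand because Python's zipfile cannot write encrypted entries.

```python
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

WORD_EXTS = (".doc", ".docm", ".dot", ".dotm")  # macro-capable Word formats
PASSWORD_HINT = re.compile(r"\b(password|passwort)\b", re.IGNORECASE)  # German lures too

def triage_message(raw: bytes) -> list[str]:
    """Return human-readable findings; an empty list means no lure indicators."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    subject = str(msg["Subject"] or "").lower()
    if subject.startswith(("re:", "aw:")) and ">" in text:
        findings.append("reply-chain pretext (quoted earlier mail)")
    if PASSWORD_HINT.search(text):
        findings.append("attachment password handed over in the body")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        try:
            zf = zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True)))
        except zipfile.BadZipFile:
            findings.append(f"{name}: attachment is not a readable ZIP")
            continue
        for info in zf.infolist():
            encrypted = bool(info.flag_bits & 0x1)  # bit 0 of the flag word = encrypted
            if info.filename.lower().endswith(WORD_EXTS):
                state = "password-protected" if encrypted else "unencrypted"
                findings.append(f"{name} -> {info.filename}: {state} Word document")
    return findings

def constructed_sample() -> bytes:
    """Build a synthetic message with the lure shape (constructed, no real malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("request.doc", b"placeholder, not a real document")
    data = bytearray(buf.getvalue())
    # Set bit 0 of the general-purpose flag in the local header (offset 6) and the
    # central directory entry (offset 8) so the entry reads as encrypted.
    data[data.find(b"PK\x03\x04") + 6] |= 0x01
    data[data.find(b"PK\x01\x02") + 8] |= 0x01
    msg = EmailMessage()
    msg["Subject"] = "Re: request"
    msg.set_content("See attached, the password is 5512\n\n> Can you send the documents?\n")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip", filename="request.zip")
    return msg.as_bytes()
```

The same checks can be pointed at a `.eml` file read from disk; an unencrypted Word document in a ZIP is still reported, just without the password-protected marker.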

TA551 has evolved

TA551 has evolved since Palo Alto Networks last observed the attackers in July 2020; in the past it distributed various families of data-stealing malware. In recent months, IT security professionals frequently recorded IcedID as a follow-up payload to Valak and Ursnif infections attributed to TA551. The attackers appear to have dropped the malware downloaders used previously and now deliver the information stealer IcedID directly.

Although TA551 has settled on IcedID as its malware payload, Palo Alto Networks continues to observe changes in traffic patterns and infection artifacts. Organizations with proper spam filtering, proper system administration and up-to-date Windows hosts have a much lower risk of infection.


Palo Alto Networks is a global provider of cybersecurity solutions. For more information on the TA551 campaign, see this article.
