Watch out TA866 brings WasabiSeed & Screenshotter Malware, invoice phishing

January 21, 2024
1 min read

TLDR: The threat actor TA866 has launched a new phishing campaign targeting North America, deploying known malware families including WasabiSeed and Screenshotter. The campaign involves sending thousands of invoice-themed emails containing decoy PDF files that, if clicked, lead to a multi-step infection chain resulting in the delivery of the malware payload. TA866, which was first documented in February 2023, is believed to be financially motivated. The campaign marks the return of the actor after a nine-month hiatus and closely resembles previous campaigns attributed to TA866. The latest attack chain primarily involves the use of PDFs with rogue OneDrive links, distributed using a spam service provided by TA571. The malware delivered in this campaign includes DarkGate, a Malware-as-a-Service tool sold on underground forums. The resurgence of TA866 follows the discovery of a new evasion tactic that misuses the caching mechanism of security products.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and