Watch out TA866 brings WasabiSeed & Screenshotter Malware, invoice phishing

January 21, 2024
1 min read

TLDR: The threat actor TA866 has launched a new phishing campaign targeting North America, deploying known malware families including WasabiSeed and Screenshotter. The campaign involves sending thousands of invoice-themed emails containing decoy PDF files that, if clicked, lead to a multi-step infection chain resulting in the delivery of the malware payload. TA866, which was first documented in February 2023, is believed to be financially motivated. The campaign marks the return of the actor after a nine-month hiatus and closely resembles previous campaigns attributed to TA866. The latest attack chain primarily involves the use of PDFs with rogue OneDrive links, distributed using a spam service provided by TA571. The malware delivered in this campaign includes DarkGate, a Malware-as-a-Service tool sold on underground forums. The resurgence of TA866 follows the discovery of a new evasion tactic that misuses the caching mechanism of security products.

Latest from Blog

44k Americans first to suffer data breach: Are you next?

TLDR: First American Financial Corporation disclosed a data breach affecting 44,000 individuals in December 2023. The company offered free credit monitoring and identity protection services to the affected individuals. The First American