TA505 and Others Launch New Coronavirus Campaigns; Now the Largest Collection of Attack Types in Years

Proofpoint researchers are continuing to monitor malicious threat actor activity surrounding COVID-19. To date, the cumulative volume of coronavirus-related email lures now represents the greatest collection of attack types united by a single theme that our team has seen in years, if not ever. We’ve observed credential phishing, malicious attachments, malicious links, business email compromise (BEC), fake landing pages, downloaders, spam, and malware, among others, all leveraging coronavirus lures.

Over the past week, the team observed a campaign from TA505, the group behind Locky ransomware and the Dridex banking Trojan, that uses a coronavirus lure as part of a downloader campaign targeting the U.S. healthcare, manufacturing, and pharmaceuticals industries.

The team also found a separate coronavirus-themed campaign that uses a downloader, targets the healthcare industry, and demands Bitcoin payment. Indicating a potential future shift in the attack landscape, the downloaders used in the above two campaigns are sometimes seen as a first stage payload before ransomware is later downloaded and installed on a victim’s machine. Ransomware is typically delivered as either second or later stage payload.

We’ve additionally seen TA564 using coronavirus emails to target Canadian users by spoofing the Public Health Agency of Canada in an attempt to deliver Ursnif.

Read more at Proofpoint

(Visited 216 times, 1 visits today)

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Leave a Reply

Latest from Cybersecurity

Go to Top
X
X