Valak uses stolen email threads to spread, which often fools a user into opening malicious attachments.
The industries hit hardest by this info stealer lately include health, energy, transportation and insurance, among others.
Other similar attempted attacks on the same bank were observed, including one involving an automated email sent by LinkedIn. A similar attack was discovered against an insurance provider.
A common feature of the attacks was a ZIP file, which was even password-protected, increasing the likelihood of bypassing detection systems. In some cases, the researchers found that some of these messages were forwarded to other recipients within the organization, including IT staff.
As Talos further discovered, the attacks took place in many languages, such as English, German and Spanish. In most cases, their targets were businesses and organizations, but there were also emails from individuals. However, as the security company observed, the automation the hackers used for their emails was not perfect, as some of the replies were invalid.
The campaigns were discovered as early as 2020, but most of the attacks (95%) took place in May and June. While the attackers do not send large volumes of unwanted messages, their technique is what gives them high success rates.