TA505 APT Group Returns With New Techniques: Report (Feb 3, 2020)
Microsoft has detected the return of TA505 in a new campaign. Its researchers have observed the threat group using new TTPs, including HTML redirectors attached to emails. Despite these changes, the researchers point out that TA505 is still utilising the previously reported malware GraceWire, an infostealer.
Recommendation: Educate your employees on the risks of opening attachments from unknown senders. Additionally, individuals should be aware of how financial companies communicate, and if an email seems unusual, a user should visit the official website of said company and make an inquiry before opening any email attachment. Anti-spam and antivirus applications provided by trusted vendors should also be employed.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.