Malware News TA505 Crooks are Now Targeting US Retailers with Personalized Campaigns

silversurfer

Cybercriminals behind the notorious Dridex and Locky ransomware have a new target in their sights – large retail, restaurant and grocery chains located in the US.

Researchers are warning the well-known financial criminal group TA505 is behind a new wave of email campaigns distributing personalized malware-laced attachments, a technique not previously associated with the threat actor.

Since November 15, the security firm Proofpoint said it has been tracking the email campaign targeting retailers with attachments that, if opened, attempt to install the FlawedAmmyy remote access trojan and Remote Manipulator System software.

FlawedAmmyy is a remote access trojan built from leaked source code of the popular remote desktop software Ammyy Admin. The Remote Manipulator System (RMS) client, similar to TeamViewer, is a remote desktop utility.

“We attributed these campaigns to TA505, the actor behind the largest Dridex and Locky ransomware campaigns of the last two years,” according to a Proofpoint technical write-up describing the campaigns posted Thursday.
 
