Hackers Targeting U.S. and German Firms Monitor Victims’ Desktops with Screenshotter

From thehackernews.com

A previously unknown threat actor has been targeting companies in the U.S. and Germany with bespoke malware designed to steal confidential information.

Enterprise security company Proofpoint, which is tracking the activity cluster under the name Screentime, said the group, dubbed TA866, is likely financially motivated.

“TA866 is an organized actor able to perform well thought-out attacks at scale based on their availability of custom tools; ability and connections to purchase tools and services from other vendors; and increasing activity volumes,” the company assessed.

Campaigns mounted by the adversary are said to have commenced around October 3, 2022, with the attacks launched via emails containing a booby-trapped attachment or URL that leads to malware. The attachments range from macro-laced Microsoft Publisher files to PDFs with URLs pointing to JavaScript files.

Read more…