From threatpost.com
Threat group moves away from “smash-and-grab” attacks and adopts a boutique approach to targeting victims.
Cybercriminals behind the notorious Dridex and Locky ransomware have a new target in their sights – large retail, restaurant and grocery chains located in the US.
Researchers are warning the well-known financial criminal group TA505 is behind a new wave of email campaigns distributing personalized malware-laced attachments, a technique not previously associated with the threat actor.
Since November 15, the security firm Proofpoint said it has been tracking the email campaign targeting retailers with attachments that if opened attempt to install the FlawedAmmyy remote access trojan and Remote Manipulator System software.