TA505 threat actors are currently launching a new malware campaign with backdoor capability that mainly targets financial institutions via MS Word documents.
The TA505 hacking group already has a record of distributing the biggest threat campaign, Dridex, and of widely distributing Locky ransomware, which affected millions of computers around the world.
The ServHelper backdoor campaign was observed in 2018 with 2 different variants that perform 2 different functions: one is focused on remote desktop functions and the other is a downloader variant.
The downloader variant downloads new malware called FlawedGrace, which has full RAT functionality and was first observed in November 2017.
The TA505 hacking group targets various institutions and organizations, including banks, retail businesses, and restaurants.