August in December: New Information Stealer Hits the Scene
released on 2016-12-07 @ 03:47:35 PM
During November, Proofpoint observed multiple campaigns from TA530 - an actor we have previously referred to as the "personalized actor" for their highly personalized campaigns[6] - targeting customer service and managerial staff at retailers. These campaigns used Word macros and PowerShell for “fileless” loading of a relatively new malware called August. August is designed to steal credentials and sensitive documents from the infected computer.