Threat Actor TA505 Targets Financial Enterprises Using LOLBINS and a new backdoor malware
released on 2019-04-25 @ 02:23:18 PM
In this research, Cybereason introduce a meticulously planned, malicious operation against a financial institution in April of 2019. This advanced operation combines a targeted phishing attack with advanced tools that gather intel on the environment. The operation chooses whether or not to create persistence and installs a sophisticated backdoor called ServHelper used to take over the network.