Security Brief: TA866 Returns with a Large Email Campaign
released on 2024-01-18 @ 08:48:28 PM
Researchers have identified the return of TA866 to email threat campaign data, after a nine-month absence. Invoice-themed emails had attached PDFs with names such as “Document_[10 digits].pdf” and various subjects such as “Project achievements”. The PDFs contained OneDrive URLs that, if clicked, initiated a multi-step infection chain eventually leading to the malware payload, a variant of the WasabiSeed and Screenshotter custom toolset.
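
The two indicators the brief describes can be checked at the mail gateway or during triage. The following is an added example, not code from the researchers: it flags PDF attachments whose name matches the reported pattern or that embed a OneDrive link. The host list, the "high"/"review" levels and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment name shape reported in the brief: Document_[10 digits].pdf
NAME_RE = re.compile(r"^Document_\d{10}\.pdf$", re.IGNORECASE)
# Assumption: these two hosts stand in for "OneDrive URLs"; extend as needed.
ONEDRIVE_RE = re.compile(rb"https?://(?:1drv\.ms|onedrive\.live\.com)/[^\s()<>\"]*", re.I)

def triage(raw: bytes) -> list[dict]:
    """Return one finding per PDF attachment that matches either indicator."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if not data.startswith(b"%PDF-"):  # trust magic bytes, not the extension
            continue
        name_hit = bool(NAME_RE.match(name))
        # Only finds URLs in uncompressed objects; compressed streams need a PDF parser.
        urls = sorted({u.decode("ascii", "replace") for u in ONEDRIVE_RE.findall(data)})
        if name_hit or urls:
            level = "high" if name_hit and urls else "review"
            findings.append({"name": name, "level": level, "urls": urls})
    return findings

def build_sample(filename: str, link: str) -> bytes:
    """Constructed test message: a minimal PDF-like body with one /URI action."""
    pdf = b"%PDF-1.4\n1 0 obj\n<< /S /URI /URI (" + link.encode() + b") >>\nendobj\n%%EOF\n"
    m = EmailMessage()
    m["Subject"] = "Project achievements"  # subjects vary, so triage() ignores them
    m.set_content("Please see the attached invoice.")
    m.add_attachment(pdf, maintype="application", subtype="pdf", filename=filename)
    return m.as_bytes()

# Constructed samples, not real campaign artefacts.
SAMPLES = {
    "both": build_sample("Document_0123456789.pdf", "https://1drv.ms/b/s!CONSTRUCTED"),
    "renamed": build_sample("invoice.pdf", "https://onedrive.live.com/download?id=CONSTRUCTED"),
    "benign": build_sample("report.pdf", "https://example.com/report"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, triage(raw))
```

A name match without an extractable link is still reported as "review", because link annotations inside compressed PDF streams are invisible to a byte-level search.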