image
The TA505 cybercrime group is whirring its financial rip-off machinery back up, pelting malware at a range of industries in what was initially low-volume waves that researchers saw spiral up late last month. They do bad things, but they’re so tricky that tracking them is a ton of fun, said Sherrod DeGrippo, vice president, Threat Research and Detection at Proofpoint. “Tracking TA505 is one of life’s guilty little pleasures,” she admitted. “They are a trailblazer in the world of cybercrime, regularly changing up their [tactics, techniques and procedures, or TTPs].” TA505, aka Hive0065, is a gang of cybercrooks involved in both financial swindles and state-sponsored actions. Proofpoint researchers describe the group as being “one of the more prolific actors” that they track. It’s behind the biggest spam campaigns the firm has ever seen: namely, distribution of the Dridex banking trojan. Proofpoint has also tracked the gang distributing Locky and Jaff ransomwares, the Trick banking trojan, and others “in very high volumes,” Proofpoint says. TA505, which actively targets a slew of industries – including finance, retail and restaurants – has been active since at least 2014. It’s known for frequent malware switchups and for driving global trends in criminal malware distribution. The most recent bout of campaigns is reminiscent of TA505’s activity from 2019 and 2020, but “it doesn’t lack for some intriguing, new elements,” DeGrippo said, including spiffed-up tools and exotic…

Source