TA866: New Financially Motivated Threat Actor Targeting Organizations in the US and Germany

Threat Level
Actor Report

Follow Hive Pro for a detailed threat advisory; the PDF is available from HiveForce Labs.

Summary

A new financially motivated threat actor named TA866 has been active since October 2022 and targets organizations in the United States and Germany. The attack chain starts with a malicious email containing an attachment or URL, which leads to the installation of WasabiSeed and Screenshotter. TA866 is an organized actor that is able to perform attacks at scale, relying on its custom tools and its ability to purchase tools and services from other vendors.