🚨MirrorBlast Campaign Targets The Finance Sector 🚨

  • 19 October 2021
  • 0 replies
🚨MirrorBlast Campaign Targets The Finance Sector 🚨
Userlevel 5
Badge +3
  • Community Manager
  • 24 replies

Financial organizations are historically among the most targeted by threat actors. There are many reasons for this, not least of which is the trove of customer data the financial sector holds, as well as the funds to pay large sums of money to regain access to encrypted data. Morphisec Labs team has tracked a new version of a campaign targeting financial organizations. Dubbed "MirrorBlast" by ET Labs, the current attack campaign the Labs team has tracked began in early September. There was similar activity in April 2021 as well, but the current campaign began more recently. The attack chain of the infection bears a similarity to the tactics, techniques, and procedures commonly used by the allegedly Russia-based threat group TA505. The similarities extend to the attack chain, the GetandGo functionality, the final payload, and similarities in the domain name pattern. TA505 has been active since at least 2014 and, as far as analysts can ascertain, has a financial motivation for their actions. As a group, TA505 is most known for frequently changing the malware they use as well as driving global trends in malware distribution.

0 replies

Be the first to reply!