The Latest Cyber Intelligence from Si

The cybercrime group known as TA505 has recently resurfaced with an updated technique: HTML redirectors that deliver malicious Excel documents. Using distribution systems such as the Necurs botnet, the group has been widely recognised since 2014 for its adaptable and extensive ransomware, malware, trojan and spam operations. Its sole motive is financial gain, so its targets are predominantly in the financial and retail sectors.

The real issue is that TA505 uses localised HTML files in different languages. This means targets can be chosen worldwide, in any region and within any vertical. Such customisation has meant that attacks have been observed globally, with significant emphasis on Singapore, the UAE and the US.

Because of the scale at which it operates, TA505 has played a significant role in spreading particular malware families, including GlobeImposter and FlawedAmmyy. The group went quiet for a period, but TA505 is now back to distributing Remote Access Trojans (RATs), malware downloaders and ransomware onto its victims' systems.

How does it work?

After the victim opens the fake attachment, the HTML file redirects to download a malicious Excel file, which drops the payload onto the victim's machine. Upon execution, the malware installs the GraceWire Trojan on the infected device. The attackers also use an IP traceback service, allowing them to record the IP addresses of machines that download their malicious Excel file; this technique has not previously been seen from this threat actor.
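The chain described above (HTML attachment redirects to an Excel download, which then drops the payload) leaves two observable traces a defender can check for: the redirect inside the HTML file itself, and the HTML-then-Excel download pair in web proxy logs. The following is an added example, not code from Si Consult or from the page, that flags both. The HTML samples, the proxy log lines and the log format (timestamp, client IP, method, URL, status) are all constructed for the example, and the domains are `example.invalid` placeholders rather than real indicators.

```python
import re
from datetime import datetime, timedelta

# Excel extensions that an HTML redirector would be expected to hand off to.
EXCEL_EXT = (".xls", ".xlsx", ".xlsm", ".xlsb")

# Redirect patterns: <meta http-equiv="refresh" content="0; url=..."> and
# JavaScript location assignments such as window.location.href = "..."
META_TAG = re.compile(r"<meta\b[^>]*>", re.I)
REFRESH = re.compile(r'http-equiv\s*=\s*["\']?refresh', re.I)
URL_IN_CONTENT = re.compile(r'url\s*=\s*["\']?([^"\'\s;>]+)', re.I)
JS_REDIRECT = re.compile(
    r'(?:window\.|document\.)?location(?:\.href)?\s*'
    r'(?:=|\.replace\s*\(|\.assign\s*\()\s*["\']([^"\']+)["\']',
    re.I,
)


def extract_redirects(html):
    """Return every redirect target found in an HTML document (meta refresh or JS)."""
    targets = []
    for tag in META_TAG.findall(html):
        if REFRESH.search(tag):
            m = URL_IN_CONTENT.search(tag)
            if m:
                targets.append(m.group(1))
    targets.extend(m.group(1) for m in JS_REDIRECT.finditer(html))
    return targets


def is_excel_redirector(html):
    """Return the redirect targets whose path points at an Excel file (query string ignored)."""
    return [t for t in extract_redirects(html)
            if t.lower().split("?")[0].endswith(EXCEL_EXT)]


def correlate_redirect_downloads(log, window_seconds=60):
    """Flag clients that fetched an Excel file shortly after fetching an HTML page.

    Each log line is assumed to be: '<ISO timestamp>Z <client> <method> <url> <status>'.
    Returns (client, html_url, excel_url) tuples.
    """
    last_html = {}
    hits = []
    for line in log.splitlines():
        ts, client, _method, url, _status = line.split()
        t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        path = url.lower().split("?")[0]
        if path.endswith((".html", ".htm")):
            last_html[client] = (t, url)
        elif path.endswith(EXCEL_EXT) and client in last_html:
            prev_t, prev_url = last_html[client]
            if t - prev_t <= timedelta(seconds=window_seconds):
                hits.append((client, prev_url, url))
    return hits


# Constructed samples (not real attachments or indicators).
SAMPLE_META_REFRESH = (
    '<html><head><meta charset="utf-8">'
    '<meta http-equiv="refresh" content="0; url=https://example.invalid/dl/invoice_2020.xls">'
    "</head><body>Loading your invoice...</body></html>"
)
SAMPLE_JS = (
    "<html><body><script>window.location.href = "
    '"https://example.invalid/dl/statement.xlsm?id=42";</script></body></html>'
)
SAMPLE_BENIGN = (
    '<html><head><meta http-equiv="refresh" content="30"></head>'
    "<body>Status page</body></html>"
)

# Constructed proxy log: client 10.0.0.21 loads an HTML page and one second later an .xls;
# client 10.0.0.33 downloads a spreadsheet with no preceding HTML fetch.
PROXY_LOG = """\
2020-01-30T09:14:02Z 10.0.0.21 GET https://mail.example.invalid/inbox 200
2020-01-30T09:14:40Z 10.0.0.21 GET https://invoice-portal.example.invalid/view.html 200
2020-01-30T09:14:41Z 10.0.0.21 GET https://invoice-portal.example.invalid/files/invoice_2020.xls 200
2020-01-30T09:20:15Z 10.0.0.33 GET https://intranet.example.invalid/reports/q4.xlsx 200
"""

if __name__ == "__main__":
    for name, html in (("meta", SAMPLE_META_REFRESH), ("js", SAMPLE_JS), ("benign", SAMPLE_BENIGN)):
        print(name, "->", is_excel_redirector(html))
    for client, html_url, xls_url in correlate_redirect_downloads(PROXY_LOG):
        print(f"{client}: {html_url} then {xls_url}")
```

The HTML check is deliberately simple (regular expressions over meta tags and location assignments) and will miss obfuscated JavaScript, so it is a cheap first filter for attachment triage rather than a substitute for sandboxing; the proxy correlation catches the same pattern from the network side regardless of how the redirect was written.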

For additional reading, see what Microsoft Security Intelligence said about the threat in a series of tweets.

Si Consult’s Recommendations

  • Keep applications and operating systems patched to the current released level.
  • Update your anti-virus solutions with the latest virus definitions.
  • Check for the presence of pirated software, uninstall it, and scan systems with the latest virus definitions.
  • Avoid handling files from untrusted sources.

For more information, support or advice about the threat, contact the team today.
