Phishing Alarm: Advanced Malware Deployed in TA866’s Latest Invoice Email Scheme
The article from The Hacker News provides an in-depth analysis of a new cyber threat actor called TA866. This actor has recently been found to be running a large-scale phishing campaign, which primarily targets North American businesses and organisations. The attackers are using sophisticated tactics to distribute malware like WasabiSeed and Screenshotter, which can cause significant damage to the victim’s system and data.
The phishing campaign sends invoice-themed emails that lure victims into downloading a decoy PDF file containing a OneDrive URL. Once the victim clicks the link, they are led into an infection chain that can download and install various malware on their system. TA866, which has been active since February 2023, is known for using Screenshotter for reconnaissance and for deploying further malware such as the Rhadamanthys stealer.
According to the article, the attackers have now started using PDFs instead of macro-enabled attachments to evade detection by security solutions. The campaign is also supported by a spam distributor called TA571, which is responsible for sending out thousands of phishing emails every day.
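Because the lure described above is a PDF carrying a OneDrive link rather than a macro document, one triage step on the mail gateway is to list the link targets inside each PDF attachment. The following is an added example, not code from the article or from any vendor: the host list, function names and sample bytes are assumptions constructed for illustration.

```python
import re
import zlib
from urllib.parse import urlsplit

# Assumption: hosts treated as OneDrive sharing endpoints; adjust for your tenant.
ONEDRIVE_HOSTS = ("onedrive.live.com", "1drv.ms")
ONEDRIVE_BUSINESS_SUFFIX = "-my.sharepoint.com"

URI_LITERAL = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
URI_HEX = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]+)>")
STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.S)

def _bodies(pdf: bytes):
    """Yield the raw file, then every stream that inflates as Flate data."""
    yield pdf
    for m in STREAM.finditer(pdf):
        try:
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # other filter or encrypted stream: not inspected here

def extract_uris(pdf: bytes) -> list[str]:
    """Return the target of every /URI action found, deduplicated and sorted."""
    found = set()
    for body in _bodies(pdf):
        for m in URI_LITERAL.finditer(body):
            # Remove the backslash from escaped characters such as \( and \).
            found.add(re.sub(rb"\\(.)", rb"\1", m.group(1)).decode("latin-1"))
        for m in URI_HEX.finditer(body):
            digits = re.sub(rb"\s", b"", m.group(1)).decode("ascii")
            found.add(bytes.fromhex(digits + "0" * (len(digits) % 2)).decode("latin-1"))
    return sorted(found)

def is_onedrive(uri: str) -> bool:
    try:
        host = (urlsplit(uri).hostname or "").lower()
    except ValueError:
        return False
    return (any(host == h or host.endswith("." + h) for h in ONEDRIVE_HOSTS)
            or host.endswith(ONEDRIVE_BUSINESS_SUFFIX))

def onedrive_links(pdf: bytes) -> list[str]:
    """URIs in the attachment that point at OneDrive and merit review."""
    return [u for u in extract_uris(pdf) if is_onedrive(u)]

def sample_pdf() -> bytes:
    """Constructed PDF fragment: one plain link, one inside a Flate stream."""
    hidden = zlib.compress(b"<< /S /URI /URI (https://1drv.ms/u/s!EXAMPLE) >>")
    return (b"%PDF-1.7\n1 0 obj << /A << /S /URI /URI (https://example.com/help) >> >> endobj\n"
            b"2 0 obj << /Filter /FlateDecode >>\nstream\n" + hidden + b"\nendstream endobj\n")
```

A OneDrive link in a PDF is common in legitimate mail, so treat a hit as a signal to combine with others (external sender, invoice-themed subject, first-seen sender domain) rather than as a verdict. Encrypted PDFs and streams using filters other than Flate are not inspected by this sketch.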
The article also covers the use of DarkGate malware, which the attackers are using to gain access to sensitive information and steal data from targeted organisations, and it discusses recent trends in phishing attacks, which are becoming more sophisticated and are targeting various industries with tailored content and messaging.
If you are interested in learning more, you can read the full article on The Hacker News website here:
https://thehackernews.com/2024/01/invoice-phishing-alert-ta866-deploys.html