Novel Email-Based Campaign Targets Bloomberg Clients with RATs
#1
Quote: A new e-mail-based campaign by an emerging threat actor aims to spread various remote access trojans (RATs) to a very specific group of targets who use Bloomberg’s industry-based services.
 
Cisco Talos Intelligence researchers discovered the campaign, dubbing it and its perpetrator “Fajan” and asserting it is likely the work of one actor from an Arabic-speaking country.
 
Researchers have been tracking the e-mail based campaign since Fajan first commenced activity in March, recovering a “relatively low volume” of samples that make it tricky to determine “whether the campaigns are carefully targeted or mass-spammed,” according to a report posted online Wednesday.
 
Attacks start in the form of what look like targeted emails to clients of Bloomberg BNA, which has since been rebranded Bloomberg Industry Group. The wholly owned subsidiary of Bloomberg LLC aggregates news content in platforms for various industries such as law, tax and accounting, and government and sells them to clients.
 
“We believe this is the first time anyone’s documented Fajan’s operations in one place,” Cisco Talos researcher Vanja Svajcer wrote in the report.
 
The emails claim to contain an invoice for clients but instead include an attached Excel spreadsheet that contains macro code to either download the next infection stage or drop and run the final payload, which is always a Javascript- or VB-based RAT “that allows the attacker to take control over the infected system using HTTP over a non-standard TCP port,” he wrote.

Read more: Novel Email-Based Campaign Targets Bloomberg Clients with RATs | Threatpost