Novel Email-Based Campaign Targets Bloomberg Clients with RATs
#1
Information 
Quote:A new e-mail-based campaign by an emerging threat actor aims to spread various remote access trojans (RATs) to a very specific group of targets who use Bloomberg’s industry-based services.
 
Cisco Talos Intelligence researchers discovered the campaign, dubbing it and its perpetrator “Fajan” and asserting it is likely the work of one actor from an Arabic-speaking country.
 
Researchers have been tracking the e-mail based campaign since Fajan first commenced activity in March, recovering a “relatively low volume” of samples that make it tricky to determine “whether the campaigns are carefully targeted or mass-spammed,” according to a report posted online Wednesday.
 
Attacks start in the form of what look like targeted emails to clients of Bloomberg BNA, which has since been rebranded Bloomberg Industry Group. The wholly owned subsidiary of Bloomberg LLC aggregates news content in platforms for various industries such as law, tax and accounting, and government and sells them to clients.
 
“We believe this is the first time anyone’s documented Fajan’s operations in one place,” Cisco Talos researcher Vanja Svajcer wrote in the report.
 
The emails claim to contain an invoice for clients but instead include an attached Excel spreadsheet that contains macro code to either download the next infection stage or drop and run the final payload, which is always a Javascript- or VB-based RAT “that allows the attacker to take control over the infected system using HTTP over a non-standard TCP port,” he wrote.

Read more: Novel Email-Based Campaign Targets Bloomberg Clients with RATs | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
Brave 1.80.115
Release Channel 1....harlan4096 — 08:25
Microsoft Edge 138.0.3351.65
Version 138.0.3351...harlan4096 — 08:24
PowerToys v0.92
PowerToys v0.92​ ...harlan4096 — 08:22
Opera 135.0.7049.115
Dear Opera Users, ...harlan4096 — 08:20
UltraSearch 4.8
Version 4.8​ Ne...harlan4096 — 08:17

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
avatar (46)dapedDow
avatar (48)TromPerl
avatar (45)RidgeDimb
avatar (36)ipumaqar
avatar (50)tanliorsPeri
avatar (42)lapedDow
avatar (48)rituabew
avatar (36)omyjul
avatar (40)papedDow
avatar (49)ArnoldFum
avatar (37)yfaza
avatar (48)Kevensi
avatar (47)ConradRoand
avatar (38)boineDon
avatar (50)spoofTum
avatar (49)WillieVot
avatar (39)Grompelbawn
avatar (40)vkseogaF
avatar (36)usogy
avatar (39)ywixazok
avatar (37)ixoqe
avatar (55)Step 1
avatar (35)pa.OpenTran

[-]
Online Staff
mjcn19's profile mjcn19

>