Weekly Threat Briefing: Charming Kitten Hackers Impersonate Journalist in Phishing Attacks | Anomali

February 11, 2020 | Anomali Threat Research Team

The threat intelligence stories in this iteration of the Weekly Threat Briefing (WTB) discuss the following topics: APT, Data Leak, Phishing, PII, Ransomware, TA505, Targeted Attacks, and Vulnerability. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity.


Figure 1 - IOC Summary Charts.  These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.

Observed Threats

This section includes the top threats observed from the Anomali Community user base as well as sensors deployed by Anomali Labs. A ThreatStream account is required to view this section.

TA505

The financially motivated threat group called “TA505” was first reported on by Proofpoint researchers in December 2017.[1] Malicious activity attributed to the Russian-speaking group dates back to at least 2014, and the campaigns conducted by TA505 have targeted entities and individuals around the world. The group distributes a variety of malware: well-known strains (Dridex banking trojan, Locky ransomware), custom-created malware (Jaff ransomware, tRAT), and variants of legitimate remote access tools (Remote Manipulator System). The group primarily distributes malware and tools via large-scale, indiscriminately distributed malspam campaigns, often through the “Necurs” botnet, with malicious attachments or links. The incorporation of new malware, the creation of custom malware, and the use of advanced tactics, such as the removal of malware artifacts, indicate that this group is a sophisticated threat and likely well-funded. The group is innovative and shows the flexibility to pivot to other techniques and malware trends on a global scale.
