
Three new malware families found in global finance phishing campaign

posted on May 4, 2021
by l33tdawg

Researchers have found three new malware families used in a widespread phishing campaign entrenched in financial crime. On Tuesday, FireEye's Mandiant cybersecurity team said the malware strains, dubbed Doubledrag, Doubledrop, and Doubleback, were detected in December 2020.

The threat actors behind the malware, described as "experienced and well-resourced," are being tracked as UNC2529. Organizations in the US, EMEA region, Asia, and Australia have, so far, been targeted in two separate waves.

Phishing messages sent to potential victims rarely used the same email addresses, and subject lines were tailored to targets. In many cases, the threat actors would masquerade as account executives touting services suitable for different industries, including defense, medicine, transport, the military, and electronics. In total, over 50 domains were used to manage the global phishing scheme. In one attack, UNC2529 successfully compromised a domain owned by a US heating and cooling services business, tampered with its DNS records, and used this structure to launch phishing attacks against at least 22 organizations.
