Threat Hub

The Proofpoint threat research team has access to one of the largest, most diverse data sets in all of cybersecurity. We’re bringing you the highlights every week, right here at the Threat Hub.

Weekly Brief

A high-volume spam distributor sticks a fork in IcedID. And recapping the Virus Bulletin VB2023 conference on our podcast.

This week on The Threat Hub: TA571 is a prolific e-crime actor, so when this group changes tack, our threat researchers move quickly to track the activity. In a new Security Brief, the team breaks down campaigns from mid-October in which TA571 delivered the Forked variant of IcedID. Each campaign included more than 6,000 messages and targeted over a thousand businesses across multiple industries. The campaigns used thread hijacking, in which attackers reply to messages in an existing email thread so the lure arrives inside a conversation the recipient already trusts, to distribute URLs linking to a password-protected ZIP file.

The malicious URLs used 404 TDS, a traffic distribution system seen regularly in TA571 attacks, which applied several filtering checks before serving the ZIP download. Forked IcedID was first identified in February 2023, and its appearance in campaigns is still rare. One of the biggest differences between the forked and original variants is that the forked variant does not contain the banking functionality. Use of this stripped-down variant may indicate that these recent campaigns are oriented toward secondary payload delivery, such as ransomware. Check out the blog post for more details, including IoCs and Emerging Threats signatures.
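As an added example (not code from the Security Brief or from Proofpoint), the following Python script shows one triage heuristic for the thread-hijacking delivery pattern described above: a reply whose visible sender appears nowhere in the quoted earlier thread, or whose body hands out a password for a protected archive, and which carries a URL. Both sample messages are constructed for the example, and the addresses, domains and URL in them are placeholders. The sender check only catches lookalike or newly introduced senders; a hijack sent from a compromised participant's own mailbox passes it, which is why the password-hint signal is kept as a second trigger.

```python
"""Heuristic triage for thread-hijacking replies that deliver a URL.

Added example, not from the original page. Flags a reply whose sender is
absent from the participants quoted from the earlier thread, and/or whose
body contains a password hint for a protected archive, when a URL is present.
Sample messages below are constructed; all addresses and URLs are placeholders.
"""
import email
import re
from email import policy
from email.utils import getaddresses, parseaddr

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
# Headers of earlier messages quoted into the reply body, e.g. "> From: Bob <bob@example.org>".
# To/Cc are included: in a two-party thread the replier only appears in the quoted To: line.
QUOTED_HDR_RE = re.compile(r"^\s*>?\s*(?:From|To|Cc):\s*(.+)$", re.I | re.M)
# "Password: 1234" style hint that accompanies a password-protected archive lure.
PASSWORD_HINT_RE = re.compile(r"\bpassword\b\s*(?:is|:)", re.I)


def prior_participants(body):
    """Lower-cased addresses found in quoted From/To/Cc lines of the reply body."""
    found = set()
    for raw in QUOTED_HDR_RE.findall(body):
        for _name, addr in getaddresses([raw]):
            if addr:
                found.add(addr.lower())
    return found


def analyze(raw_message):
    """Return the extracted signals and a final 'suspicious' verdict for one message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part is not None else ""
    _name, sender = parseaddr(str(msg.get("From", "")))
    sender = sender.lower()

    is_reply = bool(msg.get("In-Reply-To") or msg.get("References"))
    participants = prior_participants(text)
    urls = URL_RE.findall(text)
    # Sender absent from the whole quoted thread: the lookalike / new-sender case.
    # A hijack sent from a compromised participant's own mailbox will NOT trip this.
    sender_is_new = bool(participants) and sender not in participants
    password_hint = bool(PASSWORD_HINT_RE.search(text))

    suspicious = is_reply and bool(urls) and (sender_is_new or password_hint)
    return {
        "sender": sender,
        "is_reply": is_reply,
        "prior_participants": sorted(participants),
        "urls": urls,
        "sender_is_new": sender_is_new,
        "password_hint": password_hint,
        "suspicious": suspicious,
    }


# Constructed sample: reply from a domain never seen in the quoted thread,
# carrying a URL plus the password for the archive it points at.
HIJACK_SAMPLE = """\
From: Alice Finance <alice.finance@example-mail.net>
To: Bob <bob@example.org>
Subject: RE: Q3 invoice
In-Reply-To: <orig-0001@example.org>
Message-ID: <reply-0001@example-mail.net>
Content-Type: text/plain; charset="utf-8"

Hi Bob, the updated invoice is in the archive below.
https://tds.example.invalid/track?id=abc
Password: 2023

> From: Bob <bob@example.org>
> To: Alice <alice@example.com>
> Subject: Q3 invoice
>
> Alice, can you resend the invoice?
"""

# Constructed sample: a legitimate reply from a known participant with an internal link.
BENIGN_SAMPLE = """\
From: Bob <bob@example.org>
To: Alice <alice@example.com>
Subject: RE: Q3 invoice
In-Reply-To: <orig-0002@example.com>
Message-ID: <reply-0002@example.org>
Content-Type: text/plain; charset="utf-8"

Thanks, filed here: https://intranet.example.org/invoices/q3

> From: Alice <alice@example.com>
> To: Bob <bob@example.org>
> Subject: Q3 invoice
>
> Bob, the Q3 invoice is attached.
"""

if __name__ == "__main__":
    for label, sample in (("hijack", HIJACK_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, analyze(sample))
```

Run it as-is to see both verdicts; in practice the quoted-header extraction should be extended to the client's other quoting styles (HTML blockquotes, localized "Von:"/"De:" labels) before it is trusted on real mail flow.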

And on this week’s Five-Minute Forecast, Okta hit by another security breach, France points the finger at Russian cyberattackers, and Selena Larson shares a report from Virus Bulletin 2023 in London.

Insights Chart of the Week: TA571 message volume, August to October

Back to Business

Like many threat groups, spam distributor TA571 appeared to go quiet over the summer, then returned in high volumes in August. Since then, volumes have been smaller and the group has experimented with a new payload. High-volume attackers often take time off over major holidays to reformulate their lures, retool their malware, and maybe just unwind.

Equip your team with threat intelligence

Threat Insight
APT Attacker Sends Mac Malware

Iran-aligned threat actor TA453 has expanded its repertoire, distributing malware targeting Apple devices.

Blog Post
Conversational Threats Surge on Mobile

Talk isn't cheap, as pig butchering and similar conversational attacks were the fastest growing mobile threats of 2022.

Threat Insight
Exploring the Post-Macro Landscape

Our researchers unpack all the changes from a year of rapid evolution in malware delivery techniques.

Go Deeper with Proofpoint Threat Intelligence Services

Connect with threat analysts, understand threats with intelligence specific to your situation, and gain 24/7 visibility into the latest threat discoveries.

REPORTS
Threat Report
The Human Factor - Vol. 1: Social Engineering

Cyberattackers target people. They exploit people. Ultimately, they are people. That’s why the Human Factor report focuses on how technology and psychology combine to make people so susceptible to modern cyber threats. In this first volume, we take a closer look at attacks that rely on social engineering, including business email compromise (BEC) threats, email fraud and phishing.

REPORTS
Threat Report
2024 State of the Phish – Today’s Cyber Threats and Phishing Protection

Find out how vulnerable your users are to today’s biggest cyber threats in the 2024 State of the Phish report. Learn phishing trends, key insights, statistics, and more.

About The Threat Research Team

Our threat researchers are responsible for tracking shifts in the cybersecurity landscape, identifying new attacks as they emerge, and monitoring how threat actor tactics, techniques and procedures change over time. The threats they detect and the signatures they write feed into our platforms and are keystones in a system that analyzes more than 2.6 billion emails, 49 billion URLs and 1.9 billion attachments every single day.

By studying what cyber criminals are doing now, our threat researchers are better able to anticipate what they’ll do next. Every day, their work keeps our customers protected—not just from today’s attacks, but tomorrow’s threats as they evolve.

Follow us @threatinsight