A Russian-linked group known as Turla has been deploying a secondary backdoor against numerous targets to maintain persistence within compromised devices even after the primary malware has been discovered and removed, Cisco Talos report. Victims include U.S., German and Afghan organizations.
MirrorBlast Campaign Targets Finance Sector Using Macros
-
Researchers at Morphisec Labs have published fresh details about a new MirrorBlast campaign that they say is run by a Russia-based threat group TA505, targeting financial services organizations. The campaign delivers MirrorBlast via a phishing email that contains malicious links.
https://www.inforisktoday.co.uk/mirrorblast-campaign-targets-finance-sector-using-macros-a-17745