TA505 launches fresh attacks on financial organizations in Singapore, UAE and U.S. - CyberScoop

TA505 launches fresh attacks on financial organizations in Singapore, UAE and U.S. - CyberScoop: A criminal hacking group known for authoring the widely used Locky ransomware appears to have new targets in its sights: financial institutions in Singapore, the United Arab Emirates and United States, as well as manufacturing and retail organizations in South Korea. The TA505 group began the campaign last month through tens of thousands of malicious emails, according to researchers at cybersecurity company Proofpoint. The new code is the latest innovation from the group, which is one of the more prolific and adept financially motivated cybercrime organizations. The Windows-based Locky, which emerged in 2016, yielded more than $200 million in ransom payments at its height, according to one estimate. This time, the group is deploying a new piece of malware to download an old remote access tool (RAT) that could have let it steal credentials from a target computer, Proofpoint said. The malware was downloaded in quarantined environments and not at customer sites, meaning there is no evidence that it compromised target …

explicita