image credit: Pixabay

Russia-Linked Cybercriminals Use Legitimate Tools in Attacks on German Firms

March 20, 2020

Also referred to as Evil Corp, TA505 is best known for the use of the Dridex Trojan and the Locky ransomware, but has been leveraging numerous other malware families, including BackNet, Cobalt Strike, ServHelper, Bart ransomware, FlawedAmmyy, SDBbot RAT, DoppelPaymer ransomware, and others.

TA505 was previously associated with the Necurs botnet that Microsoft dismantled last week. Necurs was dormant since March last year, and Prevailion pointed out that while Microsoft’s actions likely hampered the group’s operations, “criminal enterprises like these run multifaceted operations at any given time in order to continuously compromise victims across the globe.”

Read More on Security Week