back to article Email phishing crapcannon operators TA505 are back from the dead, researchers warn

A prolific email phishing threat actor – TA505 – is back from the dead, according to enterprise security software slinger Proofpoint. TA505, which was last active in 2020, restarted its mass emailing campaigns in September – armed with new malware loaders and a RAT. "Many of the campaigns, especially the large volume ones, …

  1. Anonymous Coward
    Anonymous Coward

    Unimaginative template spam

    Anything to do with the many messages I'm getting with no content at all, with a .rar attached with an obfuscated link to who knows where? I wonder who clicks on those attachments, and unrar them, and click on the HTML file, without a compelling story.

    1. Anonymous Coward Silver badge
      Holmes

      Re: Unimaginative template spam

      The gullible and simple-minded, that's who. Handily that group overlaps nicely with the people who are likely to hand over money/whatever.

      Level 1 of target filtering.

      1. Doctor Syntax Silver badge

        Re: Unimaginative template spam

        Those who have been trained to click on links in spam by many years of dedicated effort of their banks' marketing teams.

        1. Anonymous Coward
          Anonymous Coward

          Re: Unimaginative template spam

          Let's not forget Windows in that context..

    2. Anonymous Coward
      Anonymous Coward

      Re: Unimaginative template spam

      Sadly plenty of users would. Excuses I've heard (after they've become victims of ransomware and we've found who opened the infected document) include that they thought it might have been an order, and that they'd assumed something was wrong at their end which is why it appeared blank, so assumed the contents of the attachment would provide more info... even when MS Office warns them 3 or 4 times that opening / enabling the content is a REALLY bad idea, and are they really sure.

  2. trindflo

    Haven taken apart some of them, the links I saw connect to something that looks like a Microsoft 365 server and attempts to trick the browser into disgorging credentials saved in the browser.

  3. Anonymous Coward
    Anonymous Coward

    And they call ME incompatible..

    Is that because those nefarious macros never quite execute in LibreOffice?

    /s

    1. bombastic bob Silver badge
      Devil

      Re: And they call ME incompatible..

      It's the lack of 32-bit ActiveX support UNDER LINUX (or FreeBSD)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021