TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer

As part of a phishing campaign with an invoice theme, a threat actor identified as TA547 has used an information stealer known as Rhadamanthys to target numerous German firms.

According to Proofpoint, this is the first time that researchers have seen TA547 use Rhadamanthys, an information stealer employed by a number of cybercriminal threat actors. The actor also appears to have used a PowerShell script that was presumably generated by a large language model (LLM).

A well-known, financially motivated threat actor, TA547 has been active since at least November 2017. It distributes a wide range of malware for Windows and Android via email phishing lures, including ZLoader, Gootkit, Ursnif, and the Adhubllka ransomware.

In recent years, the group has developed into an initial access broker (IAB) for ransomware attacks. It has also been seen using geofencing techniques to limit payloads to particular areas.
