#TA577

Hackers steal Windows NTLM authentication hashes in phishing attacks

by

March 4, 2024 at 04:46PM TA577 hacking group has shifted to using phishing emails to steal NTLM authentication hashes for account hijacks. They launched campaigns targeting employees’ NTLM hashes, using unique ZIP archives containing HTML files to trigger automatic connections, stealing the hashes. Proofpoint advises specific security measures to counter this threat, including blocking outbound … Read more

New Malvertising Campaign Distributing PikaBot Disguised as Popular Software

by

December 19, 2023 at 06:33AM The PikaBot malware loader, previously distributed through malspam campaigns, has now been linked to malvertising targeting users seeking software like AnyDesk. It operates as a backdoor, enabling unauthorized remote access and delivery of other malicious tools. PikaBot is employed by threat actors, including TA577, using sophisticated techniques to evade detection … Read more