High
Threat actor Common Raven have been active and methods used to perform reconnaissance activities related to financial messages are influenced by the messaging solution. This is done via SQL statements, observing files on disk, browsing the messaging interface’s GUI or even as complex as hooking into legitimate software to intercept function calls. Common Raven methodology to harvest information from the client that uses AutoClient. Threat actor deploys malware to the point where it copies data from the emission and reception folders to a staging folder from where they can read or retrieve the messages.