Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
High
A campaign has been found using malicious files posing as résumés, sent as job applications. The researchers dubbed the campaign “The Curious Case of the Criminal Curriculum Vitae”. The campaign is attributed to the known cybercriminal organization TA505, also known as “Evil Corp.” One of the most infamous campaigns associated with this organization was the Necurs botnet, which was recently taken over by Microsoft.
In this newly discovered campaign from TA505, the threat actors targeted German companies with emails carrying trojanized attachments disguised as job applications. While this activity appeared to be geographically focused on Germany, the same techniques could easily be applied to any organization worldwide. Once the email attachment was activated, a company’s credentials and credit card data could be transmitted covertly to the threat actors. TA505 is known to use commercial tools to encrypt all of a user’s files, which suggests this recent activity could also lay the groundwork for an infection vector into the company’s network to encrypt files. The actors are also capable of fetching an instance of NetSupport, a commercial remote administration tool, hosted on a user’s Google Drive account. This enables a host of actions, including remote file transfer, screen captures, and even voice recordings. Since these threat actors abuse legitimate binaries such as GPG tools and NetSupport, their tooling is unlikely to be removed by traditional antivirus software. The following information about a target is sent to the C2.
The threat-actor-controlled C2 is located at the URI hxxp://194.36.189[.]215/firstga990.php.
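A defender-side check built on the indicator above, as an added Python example that is not Rewterz's own code: it refangs the advisory's C2 URI, flags any contact with that host in proxy logs, and raises a lower-confidence review flag for direct Google Drive downloads, the delivery vector the advisory describes for NetSupport. The proxy log format and the sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

def refang(indicator: str) -> str:
    """Convert a defanged indicator (hxxp://, [.]) into a matchable URL."""
    return indicator.replace("hxxp://", "http://").replace("[.]", ".")

# C2 indicator quoted in the advisory, refanged so it can be compared with log URLs.
C2_URL = refang("hxxp://194.36.189[.]215/firstga990.php")
C2_HOST = urlsplit(C2_URL).hostname   # "194.36.189.215"
C2_PATH = urlsplit(C2_URL).path       # "/firstga990.php"

# Constructed proxy log lines (timestamp client method url status); not real traffic.
SAMPLE_LOGS = """\
1590000001.123 10.0.0.15 GET http://intranet.example.local/index.html 200
1590000002.456 10.0.0.15 POST http://194.36.189.215/firstga990.php 200
1590000003.789 10.0.0.22 GET https://drive.google.com/uc?export=download&id=CONSTRUCTEDID 200
1590000004.012 10.0.0.22 GET https://www.example.com/ 200
"""
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d+)$")

def classify(url: str) -> str:
    """Return a reason string when the URL matches a campaign indicator, else ''."""
    parts = urlsplit(url)
    if parts.hostname == C2_HOST:
        # Any contact with the C2 host is high confidence; say if it is the known endpoint.
        if parts.path == C2_PATH:
            return "known TA505 C2 endpoint (target data is POSTed here)"
        return "known TA505 C2 host"
    if parts.hostname == "drive.google.com" and "download" in parse_qs(parts.query).get("export", []):
        # Lower confidence: the campaign fetched NetSupport from Google Drive, but direct
        # Drive downloads are also legitimate, so flag for review rather than block.
        return "direct Google Drive download (NetSupport delivery vector in this campaign); review"
    return ""

def scan_proxy_logs(text: str) -> list[tuple[str, str, str]]:
    """Parse proxy log lines; return (client, url, reason) for each indicator match."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the scan
        reason = classify(m["url"])
        if reason:
            findings.append((m["client"], m["url"], reason))
    return findings

if __name__ == "__main__":
    for client, url, reason in scan_proxy_logs(SAMPLE_LOGS):
        print(f"{client}\t{reason}\t{url}")
```

The Drive rule is deliberately a review flag, not a block rule, because the same request shape is produced by ordinary file sharing.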