Abuse.ch cybersecurity experts: Corporate web proxy operators should block outgoing network traffic towards api.telegram.org. Until now, the malware had exploited FTP or SMTP.
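A way to check whether that advice is already needed in your environment, before (or after) adding the proxy rule, is to hunt the existing proxy logs for traffic to api.telegram.org. The script below is an added example, not code from abuse.ch or from the original page. It assumes Squid's default "native" access.log layout and an SSL-bumping proxy (so full HTTPS URLs are logged; without bumping only the CONNECT lines appear, which it also flags). The log lines are constructed for illustration, and the bot tokens in them are placeholders; the `/bot<token>/<method>` path shape is that of the public Telegram Bot API, which is an assumption about how the malware talks to Telegram.

```python
"""Flag outbound proxy traffic to api.telegram.org in Squid-style access logs.

Added example, not from abuse.ch or the original page. Sample lines are
constructed; field order follows Squid's default native access.log format
(timestamp elapsed client code/status bytes method URL user hier/peer type).
"""
import re
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Domains the advice above says a corporate proxy should block outbound.
BLOCKED_DOMAINS = {"api.telegram.org"}

# Bot API paths look like /bot<token>/<method>; the token is the pivot for
# finding other hosts talking to the same bot (assumption: Bot API, not MTProto).
BOT_TOKEN_RE = re.compile(r"^/bot(?P<token>\d+:[A-Za-z0-9_-]+)/(?P<method>\w+)")

# Constructed sample log (placeholder tokens, not real ones).
SAMPLE_LOG = """\
1700000000.123    45 10.0.0.17 TCP_MISS/200 812 GET https://api.telegram.org/bot123456789:AAEXAMPLE-TOKEN/sendDocument - HIER_DIRECT/149.154.167.220 application/json
1700000001.456   120 10.0.0.17 TCP_TUNNEL/200 5123 CONNECT api.telegram.org:443 - HIER_DIRECT/149.154.167.220 -
1700000002.789    30 10.0.0.23 TCP_MISS/200 9901 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1700000003.000    10 10.0.0.42 TCP_MISS/200 2200 POST https://api.telegram.org/bot987654321:BBANOTHER_TOKEN/sendMessage - HIER_DIRECT/149.154.167.220 application/json
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Pull client, method and URL out of one native-format Squid log line."""
    parts = line.split()
    if len(parts) < 7:
        return None
    return {"client": parts[2], "method": parts[5], "url": parts[6]}


def destination_host(method: str, url: str) -> str:
    """CONNECT lines carry host:port; other lines carry a full URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()


def is_blocked(host: str) -> bool:
    """True for the listed domain itself or any subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)


def find_telegram_hits(log_text: str) -> List[Dict[str, Optional[str]]]:
    """Return one record per log line that reaches a blocked domain.

    Bot token and API method are extracted when the full URL is visible
    (bumped HTTPS); for plain CONNECT tunnels they stay None.
    """
    hits: List[Dict[str, Optional[str]]] = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        host = destination_host(entry["method"], entry["url"])
        if not is_blocked(host):
            continue
        token = api_method = None
        if entry["method"] != "CONNECT":
            m = BOT_TOKEN_RE.match(urlsplit(entry["url"]).path)
            if m:
                token, api_method = m.group("token"), m.group("method")
        hits.append({"client": entry["client"], "host": host,
                     "bot_token": token, "api_method": api_method})
    return hits


if __name__ == "__main__":
    for hit in find_telegram_hits(SAMPLE_LOG):
        print(hit)
```

Each hit gives the internal client to triage; the bot token, where visible, is the indicator to search for across the rest of the estate. The enforcement side on Squid is an `acl ... dstdomain api.telegram.org` entry followed by an `http_access deny` for that ACL, placed before the general allow rule.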
The Shatak/TA551 template is cybercrime's new trend for spreading malware. Cyber security experts: it is used in many campaigns – from Ursnif/Gozi to IcedID – and in different countries at the same time. Furthermore, payloads are changed periodically.
Cybercrime gangs are increasingly using the Shatak/TA551 threat actor's template to spread malware through Office documents, from Ursnif/Gozi to IcedID, passing through Valak. It emerged in recent campaigns that are hitting many countries, and cyber security experts believe the practice could become a trend: the attacks that exploit it hit everywhere worldwide, from Europe (especially Italy and Germany) to the United States. Moreover, the template is used in many ways, sometimes just the lure image and other times in depth. This, combined with the criminals' practice of changing the payload periodically and reusing the same malicious files in different operations and countries, complicates the work of malware analysts, in particular when they try to understand the TTPs behind the campaigns.
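When the payload changes but the document template does not, pivoting on the payload alone splits one campaign into many; pivoting on the reused template image groups them back together. The script below is an added example illustrating that pivot, not code from the original page or from any vendor. It assumes OOXML containers (.docx/.docm, i.e. zip files) with the lure image stored under word/media/ and the macro payload in word/vbaProject.bin; legacy .doc (OLE2) samples would need a different extractor. The three "documents" are constructed in memory with placeholder bytes standing in for the image and the macro, so it runs offline.

```python
"""Cluster OOXML documents by the hash of their embedded lure image.

Added example, not from the original page. Assumptions: .docx/.docm zip
containers, lure image under word/media/, macro payload in word/vbaProject.bin.
Sample documents are constructed here with placeholder bytes.
"""
import hashlib
import io
import zipfile
from collections import defaultdict
from typing import Dict, List, Optional, Set


def build_doc(image_bytes: bytes, payload_bytes: bytes) -> bytes:
    """Constructed minimal .docm-like zip: one lure image plus one macro part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/media/image1.png", image_bytes)
        zf.writestr("word/vbaProject.bin", payload_bytes)
    return buf.getvalue()


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def media_hashes(doc_bytes: bytes) -> Set[str]:
    """SHA-256 of every part under word/media/ (the template image survives payload swaps)."""
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
        return {sha256(zf.read(n)) for n in zf.namelist()
                if n.startswith("word/media/") and not n.endswith("/")}


def payload_hash(doc_bytes: bytes) -> Optional[str]:
    """SHA-256 of the VBA project part, or None if the document carries none."""
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
        if "word/vbaProject.bin" in zf.namelist():
            return sha256(zf.read("word/vbaProject.bin"))
    return None


def cluster_by_template(samples: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Group sample names by shared media hash; one document may join several groups."""
    clusters: Dict[str, List[str]] = defaultdict(list)
    for name, data in samples.items():
        for h in media_hashes(data):
            clusters[h].append(name)
    return dict(clusters)


# Constructed samples: two countries share lure A with different payloads,
# and a third reuses payload 2 under a different lure image.
LURE_A = b"\x89PNG placeholder lure image A"
LURE_B = b"\x89PNG placeholder lure image B"
SAMPLES = {
    "campaign_it_week1.docm": build_doc(LURE_A, b"macro payload 1"),
    "campaign_de_week2.docm": build_doc(LURE_A, b"macro payload 2"),
    "campaign_us_week2.docm": build_doc(LURE_B, b"macro payload 2"),
}


if __name__ == "__main__":
    for image_hash, names in cluster_by_template(SAMPLES).items():
        print(image_hash[:16], names)
    for name, data in SAMPLES.items():
        print(name, "payload", (payload_hash(data) or "")[:16])
```

Run on real samples, the two tables (template image hash and payload hash) are read together: the image hash links the Italian and German waves as one template, while the payload hash links the German and US waves as one payload rotation, which is exactly the overlap the text says makes TTP attribution hard.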