Widespread phishing campaign deployed by reemerging TA866

Threat operation TA866 has reemerged with a new massive phishing campaign aimed at North America after being absent from the threat landscape for nine months, The Hacker News reports. Thousands of fraudulent invoice emails that included PDF attachments with malicious OneDrive URLs were leveraged by attackers to facilitate the distribution of a WasabiSeed and Screenshotter malware variant, according to a Proofpoint report. Such a campaign had a nearly identical attack chain as TA866's phishing campaign last February, except for the group's shift to TA571's spam service in the new attacks. "TA571 is a spam distributor, and this actor sends high volume spam email campaigns to deliver and install a variety of malware for their cybercriminal customers," said Proofpoint researcher Axel F. The findings come amid reports of increasingly sophisticated phishing tactics, with Trellix recently noting the integration of Call To Action URLs within phishing emails to better evade detection by security systems.