Caliente Bandits Target Spanish Speaking Individuals to Spread Bandook Malware

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

 

Proofpoint researchers have been tracking a new hacking group, TA2721, also commonly known as Caliente Bandits, since January 2021. According to the researchers, the group is actively targeting many industries, focusing primarily on entertainment and finance.
The group distributes Bandook, a known but rarely used remote access trojan (RAT), and uses Spanish-language lures to do so. Researchers labeled the group ‘Caliente Bandits’ because it uses Hotmail accounts; the Spanish term “caliente” means “hot.”
Researchers began tracking this group in January 2021, and around April they observed that TA2721 distributes Bandook in weekly email threats. Although the group is attacking several organizations across the world, those with Spanish surnames remain the primary target. It is worth noting that ESET, a cybersecurity company, initially disclosed data on the malware used by the group.
The campaigns repeatedly use the same budget or transaction theme to encourage users to download a PDF. The attached PDF includes a URL and a password, which lead to the installation of a password-protected Bandook package.
According to Proofpoint, TA2721 sent emails to fewer than 100 organizations in 2021. The list included institutions in the United States, Europe, and South America. These attacks concentrated mostly on individuals at these organizations with Spanish surnames such as Pérez, Castillo, and Ortiz.
Reportedly, two variants of Bandook, a commodity malware, were spre

[…]