A new hacker identified as TA886 targets organizations in the US and Germany with the new custom malware tool “Screenshotter” to perform surveillance and data theft on infected systems.
In December 2022, the security firm reported that the number of emails sent in TA886 grew exponentially, and continued to grow in January 2023. The emails were either written in English or German, depending on the target. If the recipients of these emails click on the URLs, a multi-step attack chain is started, which results in the download and execution of the new malware tool “Screenshotter” used by TA886. This tool captures JPG screenshots from the victim’s machine and sends them to the threat actor’s server for review. The attackers then manually examine these screenshots to determine the value of the victim, the report mentioned.
Proofpoint says TA886 is actively involved in the attacks, analyzing stolen data and sending commands to its malware at times that correspond to a typical workday in different time zones.
Sniper Watch can automatically block application-level access to a set of applications that attempt to make a call for access to data. Get deeper contextual visibility with our next-generation Network & Application-level access control and stop this malicious behavior from materializing on your assets. Call us today! +1 (888) 516-3199, Option #1