Summary:
Researchers at Proofpoint have detected the reappearance of the threat group TA866 in a targeted OneDrive campaign. The campaign used invoice-themed malicious emails with PDF attachments that led users through an infection chain to deploy malware. The attack closely resembled a previous campaign attributed to TA571 and TA866. Notable changes in this campaign included the use of PDF attachments with OneDrive links instead of macro-enabled Publisher attachments, and the attribution of the post-exploitation tools to TA866. The return of TA866 after a nine-month hiatus aligns with the increasing threat activity in 2024.
Hashtags:
#TA866 #cybersecurity #emailthreat #OneDrive #malware #PDFattachments #infectionchain #TA571 #financialmotivation
https://www.infosecurity-magazine.com/news/ta866-target-onedrive-campaign/