Home » The TA544 malware exploits the name Agenzia delle Entrate

The TA544 malware exploits the name Agenzia delle Entrate

by admin
The TA544 malware exploits the name Agenzia delle Entrate

Proofpoint has identified a malware campaign attributed to the TA544 group that exploits the name of the Revenue Agency and is aimed against Italian companies. Launched on February 14, the campaign aims to download the Danabot malware via a URL, according to Proofpoint’s Threat Research Team malevolent. If opened from an Italian IP, the URL redirects to the download of a JavaScript file which, when executed, downloads a DLL, executing it with the custom “enter” export to launch DanaBot.

How Danabot works

DanaBot is a modular malware that can be used for collection of information, remote monitoring and to establish persistence within the targeted company. It is not often observed in email campaigns. So its use by TA544 – for the first time ever – is noteworthy.

Warning: the TA544 malware exploits the name of the Revenue Agency

DanaBot had been used by another group, TA578, in an email campaign leading to malware Thief in December 2023. Previously, the last detection was in July 2022. Two recent campaigns using this malware could mean we’ll see it more in email data threats by email. However it may just be a temporary turnaround before returning to other payloads.

See also  Space travel news currently 2023: All details and background information about the next Long March 2 launch

You may also like

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy