The criminal threat group known as TA551 has added the Sliver red-teaming tool to its bag of tracks – a move that may signal ramped up ransomware attacks ahead, researchers said.
According to Proofpoint researchers, TA551 (aka Shathak) has been mounting cyberattacks that start with email thread hijacking – an increasingly popular tactic in which adversaries insert themselves into existing email conversations. In one offensive seen just this week, the messages contained password-protected zipped Word documents. If opened and macros enabled, the attachments ultimately lead to the download of Sliver, an open-source, cross-platform adversary simulation and red-team platform.
Read more…
Source: ThreatPost