"TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks"

Cybersecurity researchers have detailed a previously unknown software control panel used by TA505, a financially motivated threat group. According to the Swiss cybersecurity firm PRODAFT, the group often changes its malware attack strategies in response to global cybercrime trends. It adopts new technologies opportunistically in order to gain leverage over victims before the rest of the cybersecurity industry catches up. TA505, also known as Evil Corp, Gold Drake, Dudear, Indrik Spider, and SectorJ04, is an aggressive Russian cybercrime syndicate responsible for the infamous Dridex banking Trojan and has been linked to several ransomware campaigns in recent years. It is also linked to the Raspberry Robin attacks, which first surfaced in September 2021, with similarities discovered between the malware and Dridex. Other malware families associated with the group include FlawedAmmyy, the Neutrino botnet, and ServHelper, a backdoor capable of downloading FlawedGrace, a Remote Access Trojan (RAT). The adversary is said to use the TeslaGun control panel to manage the ServHelper implant, acting as a command-and-control (C2) framework to commandeer the compromised machines. Furthermore, the panel allows attackers to issue commands, as well as send a single command to all victim devices or configure the panel so that a predefined command is automatically executed when a new victim is added to the panel. This article continues to discuss TA505's use of TeslaGun. 

THN reports "TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks"
