"DUCKTAIL Attacks Costing Victims Hundreds of Thousands of Dollars"

According to a new analysis, DUCKTAIL, a Vietnam-based cybercrime operation discovered by WithSecure earlier this year, has continued to evolve its operations. Since 2021, DUCKTAIL has used LinkedIn to target individuals and organizations that use Facebook's Ads and Business platform, with the aim of hijacking Facebook Business accounts. However, following a report detailing DUCKTAIL's activities, the group has altered its approach to circumvent defenses and expand its operations. Until now, the operational team behind DUCKTAIL appeared to be small, but that has changed, according to Mohammad Kazem Hassan Nejad, Researcher for WithSecure Intelligence.

Recently observed DUCKTAIL activity included several changes to the group's mode of operation. It now uses new channels, such as WhatsApp, to spear-phish targets. The group modified the malware's capabilities to include a more robust method of retrieving attacker-controlled email addresses and to make the malware appear more legitimate by launching dummy documents and video files. It has made ongoing efforts to avoid detection by changing file formats and compilation, as well as countersigning certificates. There has been additional resource development and operational expansion through the establishment of additional fake businesses in Vietnam and the integration of affiliates into the operation.

Ransomware attacks receive a lot of attention, but threats like DUCKTAIL can cause significant financial and brand damage and should not be ignored, according to Paolo Palumbo, Vice President of WithSecure Intelligence. With increased activity, new affiliates, and fake businesses, DUCKTAIL-related incidents are expected to rise in the near future. This article continues to discuss findings regarding DUCKTAIL's recent activity.

Cision reports "DUCKTAIL Attacks Costing Victims Hundreds of Thousands of Dollars"
