"Malspam Campaign Spoofs Email Chains to Install IcedID Info-Stealer"

The Unit 42 threat research team at Palo Alto Networks shared details about a new phishing campaign operated by the cybercriminal group TA551, also known as Shathak. TA551 is well known for its distribution of malware, such as Ursnif, Valak, and IcedID, to steal information. The phishing campaign targets English, German, Italian, and Japanese-speaking victims. It primarily focuses on distributing IcedID via malicious macros. The campaign sends malicious emails with attached, password-protected zip archives containing Word documents. Once the recipient opens the document and enables its malicious macros, the infection chain begins, and the IcedID malware is installed on the victim's system. According to the research team, TA551 malspam spoofs legitimate email chains using genuine messages gathered from email clients on previously infected Windows hosts. This article continues to discuss recent findings surrounding the new TA551 malspam campaign that spoofs email chains to distribute IcedID malware and other observed changes in the cybercriminal group's traffic patterns and infections. 

SC Media reports "Malspam Campaign Spoofs Email Chains to Install IcedID Info-Stealer"