Russian TA505 threat actor target financial entities worldwide April 17, 2019 https://securityaffairs.co/wordpress/84072/hacking/russian-ta505-financial-attacks.html Cyberint: "Legit Remote Admin Tools turn into Thread Actor Tools – TA505 and other Threat Actors targeting US retailers and financial organizations in Europe, APAC and LATAM" (PDF - 2.16 MB): Spoiler: Download https://e.cyberint.com/hubfs/Report%20Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors%20Tools/CyberInt_Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors'%20Tools_Report.pdf
TA505 hackers thwarted at the door of a big financial org April 24, 2019 https://www.cyberscoop.com/ta505-hack-stopped-cybereason-locky-ransomware/ Cybereason: Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware
The Stealthy Email Stealer in the TA505 Arsenal May 16, 2019 https://blog.yoroi.company/research/the-stealthy-email-stealer-in-the-ta505-arsenal/
Russian Threat Group TA505 Is Out Phishing: Hijacks Legitimate Remote Access Tools May 20, 2019 https://blog.cyberint.com/threat-group-ta505-phishing-hijacks-remote-access-tools
This hacking gang just switched its malware attacks to a new target https://www.zdnet.com/article/this-hacking-gang-just-switched-its-malware-attacks-to-a-new-target/
Positive Technologies: TA505 rising to become world's most dangerous cybercriminal group With attacks on dozens of targets in 64 countries in a six-month period, TA505 now threatens more than just financial companies October 3, 2019 https://www.ptsecurity.com/ww-en/ab...me-worlds-most-dangerous-cybercriminal-group/
New SDBot Remote Access Trojan Used in TA505 Malspam Campaigns October 16, 2019 https://www.bleepingcomputer.com/ne...ccess-trojan-used-in-ta505-malspam-campaigns/ Proofpoint: TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader
Microsoft Detects New TA505 Malware Attacks After Short Break January 30, 2020 https://www.bleepingcomputer.com/ne...-new-ta505-malware-attacks-after-short-break/
TA505 hacking crew spent much of 2019 trying to breach South Korea's financial sector https://www.cyberscoop.com/ta505-south-korea-bank-phishing/
Cyberthreat Intelligence Report: Profiling of TA505 Threat Group February 28, 2020 https://www.fsec.or.kr/user/bbs/fsec/163/344/bbsDataView/1382.do [FSI Intelligence Report]TA505 Threat Group Profiling_En.pdf (PDF - 8.11 MB): https://www.fsec.or.kr/common/proc/fsec/bbs/163/fileDownLoad/2297.do [FSI Intelligence Report]TA505 Threat Group Profiling(Abridged)_En.pdf (PDF - 1.78 MB): https://www.fsec.or.kr/common/proc/fsec/bbs/163/fileDownLoad/2298.do
TA505 Crime Gang Deploys SDBbot for Corporate Network Takeover The custom RAT offers persistent access, data exfiltration and lateral network movement April 14, 2020 https://threatpost.com/ta505-crime-gang-sdbbot-corporate-network-takeover/154779/ IBM X-Force: TA505 Continues to Infect Networks With SDBbot RAT
Russia-Linked TA505 targets financial institutions in a new malspam campaign October 16, 2021 https://securityaffairs.co/wordpress/123441/breaking-news/ta505-mirrorblast-malspam-campaign.html Morphisec: Explosive New MirrorBlast Campaign Targets Financial Companies
TA505 Gang Is Back With Newly Polished FlawedGrace RAT October 19, 2021 https://threatpost.com/ta505-retooled-flawedgrace-rat/175559/ Proofpoint: Whatta TA: TA505 Ramps Up Activity, Delivers New FlawedGrace Variant
TA505 Seen Using P2P RAT in New Operations December 1, 2021 NCC Group: Tracking a P2P network related to TA505