Mastodawn

Josh Lemon Mar 3, 2023

We're starting to see a few more #ThreatActors emerge that are leveraging screenshots as a way to determine further compromising a victim. Make sure your threat #detection includes reoccurring screenshots to catch some of these #ThreatActors early.

Report from Proofpoint on TA866 using #WasabiSeed and #Screenshotter
https://www.proofpoint.com/us/blog/threat-insight/screentime-sometimes-it-feels-like-somebodys-watching-me

Screentime: Sometimes It Feels Like Somebody's Watching Me | Proofpoint US

Key Findings Proofpoint began tracking a new threat actor, TA866. Proofpoint researchers first observed campaigns in October 2022 and activity has continued into 2023. The activity appears to be financially motivated, largely targeting organizations in the United States and Germany. With its custom toolset including WasabiSeed and Screenshotter, TA866 analyzes victim activity via screenshots before installing a bot and stealer. Overview Since October 2022 and contin

Proofpoint

securityaffairs Feb 10, 2023

New #TA886 group targets companies with custom #Screenshotter #malware
https://securityaffairs.com/142077/cyber-crime/ta886-group-screenshotter-malware.html
#securityaffairs #hacking

New TA886 group targets companies with custom Screenshotter malware

The TA886 hacking group targets organizations in the United States and Germany with new spyware tracked as Screenshotter. A recently discovered threat actor, tracked as TA886 by security firm Proofpoint, is targeting organizations in the United States and Germany with new malware dubbed Screenshotter. The experts first spotted the attacks attributed to this threat actor […]

Security Affairs