TA577 has used a wide range of malware loaders and Trojans over the years, including Qbot, IcedID, SystemBC, SmokeLoader, Ursnif, and Cobalt Strike; TA578 has also used Ursnif, IcedID, KPOT Stealer, Buer Loader, BazaLoader, and Cobalt Strike. Since both groups had a strong connection to IcedID, it is not surprising that Proofpoint has previously found links between Latrodectus command-and-control infrastructure and infrastructure associated with IcedID.
In May, law enforcement agencies from several European countries, together with those in the US and the UK, seized thousands of domains and around 100 servers used in the command infrastructure of IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot, dealing a serious blow to those botnets. Dubbed Operation Endgame, the seizure was part of a larger law enforcement effort that has continued throughout the year.
Latrodectus: A new rising star
Since then, several security companies have reported a rise in Latrodectus activity, including Bitsight in June, Trustwave earlier this month, and now Forcepoint. Trustwave called it a rising star in the malware world and noted that Operation Endgame likely gave it a boost.