FlawedGrace RAT Leads the Change in TA505's Latest Campaign
The FlawedGrace RAT is a new piece of malware used by the TA505 Advanced Persistent Threat (APT) actors. Traces of this malware were previously spotted in the ServHelper campaign, for which the same gang was responsible. The activity of the TA505 hackers never died down fully, but it was certainly at a lower level for a while. Their most recent campaign, however, appears to be more active, and the FlawedGrace RAT has infected a large number of victims across various industries over the past month.
The TA505 hackers specialize in financially motivated attacks, and this is the exact purpose of the FlawedGrace RAT. This Remote Access Trojan (RAT) has been identified on the networks of companies operating in the retail, restaurant, and finance sectors. The criminals approach their victims through spearphishing emails that contain a malicious Microsoft Excel attachment. The decoy document's subject often purports to concern legal matters or health claims.
FlawedGrace RAT is Delivered through Spearphishing Emails
Although the campaign started off using email attachments exclusively, the attackers are now using payloads hosted on external URLs as well. Once a system is compromised, the criminals use the implant to gather sensitive information, tamper with the file system, and introduce additional payloads. It is worth mentioning that the TA505 hackers are infamous for their continuously evolving approaches, tactics, and implants – this makes them difficult to track.
Although the attacks of the FlawedGrace RAT are focused on specific industries, there is no data about the geographic locations that the criminals target. Judging by previous campaigns, these criminals do not hesitate to go after networks across multiple continents. Protecting your network from the FlawedGrace RAT attack requires the use of quality anti-malware software, as well as the latest security patches. Naturally, all employees should be familiar with the dangers of spearphishing emails, and how to avoid them.