TA544 threat actors hit Italian firms with Ursnif banking trojan

The IT security researchers at have discovered a new malware campaign in which threat actors from a group called TA544 are targeting in Italy with Ursnif banking .

Ursnif (also known as Gozi) has a history of targeting Italian organizations over the past year. The malware is capable of stealing banking information from targeted computers including credit card data. On the other hand, its variants deliver a variety of payloads including backdoors, , file injectors, etc.

It is also worth noting that in August 2017, a researcher reported a spambot called “Onliner Spambot

As for recent attacks from TA544; according to Proofpoint’s senior threat intelligence analyst Selena Larson, in recently observed campaigns, the group claims to represent Italian courier or energy organizations to solicit payments from targeted individuals.

The campaign’s modus operandi involves phishing and social engineering

Read More: https://www.hackread.com/ta544-threat-actors-italy-ursnif-banking-trojan/