Ursnif (also known as Gozi) has a history of targeting Italian organizations over the past year. The malware is capable of stealing banking information, including credit card data, from targeted computers. Its variants also deliver a variety of payloads, such as backdoors, spyware and file injectors.
As for recent attacks from TA544, according to Proofpoint’s senior threat intelligence analyst Selena Larson, in recently observed campaigns the group claims to represent Italian courier or energy organizations to solicit payments from targeted individuals.
The campaign’s modus operandi involves phishing and social engineering