Meet Latrodectus: The new favorite malware downloader for access buyers

TA577 has used a variety of malware loaders and Trojans over the years, including Qbot, IcedID, SystemBC, SmokeLoader, Ursnif, and Cobalt Strike; TA578 has also used Ursnif, IcedID, KPOT Stealer, Buer Loader, BazaLoader, and Cobalt Strike. Since both groups have had strong connections with IcedID, it is not surprising that Proofpoint has found links between Latrodectus’ command-and-control infrastructure and infrastructure previously associated with IcedID.

In May, law enforcement agencies from several European countries, as well as the US and the UK, seized thousands of domains and nearly a hundred servers used in the infrastructure of IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot, dealing those botnets a heavy blow. Dubbed Operation Endgame, the seizures and accompanying arrests were part of a larger law enforcement effort that continued throughout the year.

Latrodectus: A new rising star

Since then, several security firms have reported increased Latrodectus activity, including Bitsight in June, Trustwave earlier this month, and now Forcepoint. Trustwave called it a rising star in the malware world and noted that Operation Endgame probably gave it a boost, since the takedown of rival loaders left a gap for it to fill.
