A campaign that started in October is being used to deliver financial malware against entities in the manufacturing and retail sectors. Researchers at the Cybereason Nocturnus group have been following the new campaign closely, determining that it commences with a phishing attack to deliver TrickBot and ultimately delivers a relatively new malware family called Anchor. The campaign seemingly only targets high profile companies. Experts have drawn similarities and links between Anchor and TrickBot, and believe they may have been authored by the same individuals.
Researchers at Cybereason Nocturnus stated that in the attacks they saw, the goal of the hack was to deploy memory-scraping malware in order to extract sensitive data such as credit card information. The researchers have reason to believe that the campaign may be the work of the threat actor group FIN6 which has already been associated with the Magecart 6 group.
Read More: Targeted Attacks Deliver New “Anchor” Malware to High-Profile Companies