Hey everybody, it's @threatresearch taking control of the Sophos X-Ops Mastodon feed with an update about the #research I've been working on for several weeks with my Labs and #MDR colleagues, just published this morning.

In February, a #tax #accounting firm reached out to us about a strange email exchange they had (and the aftermath), and the more we started digging, the more we found.

The big takeaway is that an unknown threat actor group appears to have been targeting the kinds of small- to medium-sized businesses that perform tax preparation services in the United States with a social engineering method that kept their activities under the radar...until it delivered #malware to those targets. The campaign seemed to start in late January and has ramped up significantly in the past few weeks. There are thousands of CPA and accounting businesses in the US and this is their busiest time of the year, and they handle a lot of financially sensitive documents.

The delivery method was a type of malware called #GuLoader, and the payload was a commodity #RAT malware called #remcos

A short thread begins here:
https://news.sophos.com/en-us/2023/04/13/tax-firms-targeted-by-precision-malware-attacks/

Link preview: "CPAs and accountants received solicitations for tax filing business that were just a social engineering ploy" (Sophos News)