Security analytics firm Niara worked with customers to analyze email traffic and found a number of malicious email campaigns that sophisticated attackers were using to circumvent traditional defenses.
Service-DHL Campaign
In this campaign, attackers attempted to install a RAT (a remote access Trojan used to steal credentials and take screenshots) from the well-documented NetWire malware family. This malware has been used in both targeted attacks and crime campaigns, which are directed at multiple recipients with the goal of probing weak spots that can be used for future exploits.
The campaign targeted an organization for over a month, sending two malicious emails to 29 unique recipients within the organization. Some received an email that contained an HTML file, while the remainder received an email that contained a ZIP file.