Agent Tesla Weaponizes ZPAQ

G-Data Software reports new TTPs linked to Agent Tesla, one of the most popular information stealers. The Agent Tesla samples were delivered as archives in the ZPAQ compression format, an unusual choice of software that gives rise to a hypothesis about the campaign: the attacker, who remains to be identified, may be targeting a specific group of technical users. ZPAQ is an open-source tool available for Linux and Windows systems. The samples that were identified and analyzed use Telegram, FTP, and SMTP for data exfiltration.
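Because ZPAQ is rarely seen in mail traffic, many gateways neither unpack it nor flag it. The following added example (not from the G-Data report or from the ZPAQ project) shows a defender-side attachment triage that identifies archive containers by their leading bytes and flags uncommon formats such as ZPAQ, as well as attachments whose extension does not match their content. The ZPAQ prefixes used here (`7kSt` for a block locator tag, `zPQ` for a block header) are the signatures the `file` utility's magic database uses; the sample attachments and the `INSPECTED_FORMATS` policy are constructed for illustration.

```python
import os
from typing import Optional

# Leading-byte signatures for common archive containers. The ZPAQ entries match
# the `file` utility's magic database; the others are the standard signatures.
ARCHIVE_MAGIC = {
    "zpaq": (b"7kSt", b"zPQ"),
    "zip": (b"PK\x03\x04",),
    "rar": (b"Rar!\x1a\x07",),
    "7z": (b"7z\xbc\xaf\x27\x1c",),
    "gzip": (b"\x1f\x8b",),
}

# Extensions that legitimately carry each container format.
EXPECTED_EXT = {
    "zpaq": {"zpaq"},
    "zip": {"zip"},
    "rar": {"rar"},
    "7z": {"7z"},
    "gzip": {"gz", "tgz"},
}

# Assumed gateway policy: formats the sandbox already unpacks and inspects.
# Anything identified as an archive but not listed here is flagged for review.
INSPECTED_FORMATS = {"zip", "rar", "7z", "gzip"}


def identify_archive(data: bytes) -> Optional[str]:
    """Return the archive format name matched by the leading bytes, or None."""
    for fmt, prefixes in ARCHIVE_MAGIC.items():
        if any(data.startswith(p) for p in prefixes):
            return fmt
    return None


def triage_attachment(filename: str, data: bytes) -> dict:
    """Classify one attachment and list the reasons (if any) it should be held."""
    fmt = identify_archive(data)
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    reasons = []
    if fmt is not None and fmt not in INSPECTED_FORMATS:
        reasons.append(f"uncommon archive format not unpacked by gateway: {fmt}")
    if fmt is not None and ext not in EXPECTED_EXT[fmt]:
        reasons.append(f"extension '.{ext}' does not match content ({fmt})")
    return {"filename": filename, "format": fmt, "flag": bool(reasons), "reasons": reasons}


# Constructed sample attachments (headers only; not real malware samples).
SAMPLE_ATTACHMENTS = [
    ("invoice.zpaq", b"7kSt\xa0\x31\x83\xd3\x8c\xb2\x28\xb0\xd3zPQ\x02\x01"),
    ("quote.zip", b"PK\x03\x04\x14\x00\x00\x00"),
    ("report.zip", b"zPQ\x02\x01\x00\x00"),   # ZPAQ content behind a .zip name
    ("notes.txt", b"plain text, not an archive"),
]


def triage_all(attachments=SAMPLE_ATTACHMENTS) -> list:
    """Run triage over a batch and return only the attachments that were flagged."""
    return [r for r in (triage_attachment(n, d) for n, d in attachments) if r["flag"]]


if __name__ == "__main__":
    for result in triage_all():
        print(result["filename"], "->", "; ".join(result["reasons"]))
```

Matching on content rather than the `.zpaq` extension matters because a renamed archive would otherwise pass; the `report.zip` sample above is caught both for its uncommon format and for the extension mismatch. In a real deployment `INSPECTED_FORMATS` would be derived from what the gateway's sandbox can actually unpack.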
