While some hacking groups are employed by governments and used to do their bidding in various campaigns, other hacking groups are financially motivated purely. The TAT505 group belongs to the latter category. This hacking group’s activity was first spotted in 2017 and has been monitored ever since. They target businesses operating in the finance industry, mostly. On the 7th of September, they launched an attack targeting victims in Sweden, Singapore, Greece, Georgia and other places. The propagation method utilized by the TAT505 hacking group was bogus emails containing infected attachments. The attachment was tailored to look like a legitimate Excel document so that the user does not sense that something fishy is going on. If the targeted person opens the attachment, it will trigger the launch of the Get2 Trojan downloader. This Trojan is used to pave the way for the planting of additional malware to the compromised system. There have been four separate threats that served as a secondary payload in the Get2 Trojan downloader campaigns. Among them was the SDBbot RAT (Remote Access Trojan).
When the Get2 Trojan downloader plants the SDBbot RAT on the host successfully, the Remote Access Trojan will connect the attackers’ C&C (Command & Control) serve immediately. Then, the SDBbot Trojan will wait for instructions from the TAT505 group. This Trojan has a list of capabilities, which include:
- Browse directories.
- Modify directories.
- View directories.
- Establish a RDP (Remote Desktop Protocol) connection.
- Use the Windows Command Prompt to execute various commands.
- Hijack the system and use it as a proxy server for other threatening operations.
- Take screenshots of the active windows and the desktop.
- Record videos of the desktop, tabs and windows.
- Activate Sleep mode.
- Restart the system.
- Shut the system down.
The TAT505 is not taking any breaks – it is working hard on developing new and more weaponized hacking tools. These evil-minded actors are definitely not to be underestimated. If you want to keep your system safe from such threats, make sure you download and install a legitimate anti-virus software suite. Also, do not forget to update all the software on your system regularly to minimize the chances of a breach.