Thread hijacking operation linked to TA578. Gun owner data leaked by California Justice Department.

At a glance.

  • Thread hijacking operation linked to TA578.
  • Gun owner data leaked by California Justice Department. 

Thread hijacking operation linked to TA578.

Ars Technica details a phishing scam that uses thread hijacking to trick targets into opening a malicious email. Thread hijacking entails taking over an existing, legitimate email thread in order to send the target a seemingly connected email. Acting as if the new email is just a continuation of the previous conversation, the hacker instructs the victim to open an attached file. 

Proofpoint explains, “Threat actors use this technique to make the recipient believe they are interacting with a person they trust so they are less likely to be suspicious about downloading or opening attachments they might be sent as part of the conversation. Threat actors commonly steal these benign messages through prior malware infections or account compromises.” The attached file then installs a malicious downloader, which the threat actors use to execute additional payloads on the compromised machine.

A recent operation of this kind has been traced to TA578, a threat group that works as an initial access broker, using such campaigns to…
