TA547 Targets German Organizations With Rhadamanthys Stealer

Cyber threat actor TA547 was discovered targeting German organizations with an email campaign delivering Rhadamanthys malware. This is the first time TA547 has been observed using Rhadamanthys, an information stealer used by multiple cybercriminals. The emails impersonated the German retail company Metro and targeted various industries in Germany. The emails contained a password-protected ZIP file which, when executed, triggered a PowerShell script that decoded the Rhadamanthys executable file and executed the malicious code in memory. Interestingly, the PowerShell script used to load Rhadamanthys contained characteristics suggesting it was generated by a large language model (LLM), indicating that TA547 may have used an LLM-enabled tool to write the script or copied it from another source.