{"id":2419,"date":"2022-10-10T13:06:46","date_gmt":"2022-10-10T07:36:46","guid":{"rendered":"https:\/\/kdmarc.com\/blog\/?p=1340"},"modified":"2025-01-22T15:33:04","modified_gmt":"2025-01-22T10:03:04","slug":"ta551-malspam-campaign-spoofed-email-chain-to-spread-malware","status":"publish","type":"post","link":"https:\/\/threatcop.com\/blog\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\/","title":{"rendered":"TA551 Malspam: Spread Malicious Email Campaigns"},"content":{"rendered":"<p style=\"text-align: justify;\"><span style=\"font-weight: 400; color: #000000;\">An email-based malware distribution campaign has tried to disguise spam as an email chain and launch a spoofing attack. TA551, also known as Shathak, the infamous group that spreads malware like Ursnif and Valak, is behind this operation. To carry out the operation, the group uses real messages. These messages have been stolen from previously infected hosts.<\/span><\/p>\n\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400; color: #000000;\">This campaign often targets English speakers to spread Ursnif, Valak, and other information-stealing malware. However, since mid-July 2020, this campaign has exclusively been spreading IcedID, another info-stealer malware. 
And as of now, the campaign has also started targeting German, Italian, and Japanese speakers.<\/span><\/p>\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_does_TA551_Malspam_Work\"><\/span><span style=\"color: #000000;\"><strong>How does TA551 Malspam Work?<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n<div class=\"wp-block-image wp-image-8152 size-full\">\n<figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"1602\" height=\"1018\" src=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/10\/Spoofed-Email-Chain@2x-100.jpg\" alt=\"TA551 Chain of Event\" class=\"wp-image-8152\"\/><figcaption class=\"wp-element-caption\"><span style=\"color: #000000;\">TA551: Groups\u2019 Chain of Events<\/span><\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">The group 
sends emails with an attached, password-protected ZIP archive containing a Microsoft Word document. The message gives the user the password needed to open the attachment.<\/span> <span style=\"font-weight: 400;\">On opening the ZIP archive and entering the password, the user finds a Microsoft Word document with macros. When the victim enables macros on a vulnerable Windows computer, the victim\u2019s host downloads an installer DLL for IcedID malware. Recently, however, the group has made a few changes to its attack pattern.<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">The TA551 group has spread TrickBot and BazarBackdoor via malicious documents in Microsoft Word format. They store the infected documents in a password-protected archive file, which they then attach to the phishing emails.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">When you need to repeat a task, you can use a macro to automate the process. 
<\/span><span style=\"font-weight: 400;\">These infected documents contain a macro that the user runs by opening the document and allowing macro execution.<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">The macro drops a Microsoft HTML Application (HTA) document on the file system and then executes it using the mshta.exe Windows utility. By using mshta.exe, a malicious actor can execute malicious HTA files and bypass application controls that don\u2019t account for its use.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"TA551_Recent_Modifications\"><\/span><strong><span style=\"color: #000000;\">TA551 Recent Modifications<\/span><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">So far, TA551 has followed specific traffic patterns, but these have changed since October 2020. The URLs generated by the Word macros follow a noticeable pattern, such as:<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400; color: #000000;\">&#8220;php?l=&#8221; in the URL path<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400; color: #000000;\">URLs end with &#8220;.cab&#8221;<\/span><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">But since November 2020, experts have noticed some changes in the pattern of URLs generated by<\/span><a href=\"https:\/\/gbhackers.com\/information-stealer-malware-icedid\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"> <span style=\"font-weight: 400;\"><span style=\"color: #183994;\"><strong>TA551 during IcedID infection<\/strong><\/span><\/span><\/a><span style=\"font-weight: 400;\">. A possible reason for these changes is an attempt to evade detection. 
At the very least, they can confuse an analyst conducting forensic analysis on an infected host.<\/span><\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Recent_TA551_attack_using_stealers\"><\/span><strong><span style=\"color: #000000;\">Recent TA551 attack using stealers<\/span><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">According to a recent study by <\/span><a href=\"https:\/\/cyware.com\/news\/ta551-now-spreading-icedid-stealer-via-spoofed-emails-c090b741\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"><span style=\"font-weight: 400;\"><span style=\"color: #183994;\"><strong>Cyware Social<\/strong><\/span><\/span><\/a><span style=\"font-weight: 400;\">, TA551 (aka Shathak) has been targeting English-speaking victims with this malware distribution campaign. Multiple malware families, including Ursnif and Valak, have been distributed by TA551 since the beginning of 2022.<\/span><\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">An <\/span><a href=\"https:\/\/arstechnica.com\/information-technology\/2021\/01\/cryptocurrency-stealer-for-windows-macos-and-linux-went-undetected-for-a-year\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"><span style=\"font-weight: 400;\"><span style=\"color: #183994;\"><strong>ElectroRAT stealer<\/strong><\/span><\/span><\/a><span style=\"font-weight: 400;\"> for macOS, Windows, and Linux was recently uncovered after going undetected for nearly a year.<\/span><\/span><\/li>\n\n\n\n<li><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">Furthermore, a <\/span><a href=\"https:\/\/www.databreachtoday.asia\/fresh-python-based-trojan-designed-as-information-stealer-a-15600\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"><span style=\"font-weight: 400;\"><span style=\"color: 
#183994;\"><strong>PyMicropsia stealer<\/strong><\/span><\/span><\/a><span style=\"font-weight: 400;\"> associated with AridViper (a hacker team) was discovered operating in the Middle East.<\/span><\/span><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_to_Stop_the_TA551_Malspam_Campaign_Spoofed_Email\"><\/span><strong><span style=\"color: #000000;\">How to Stop the TA551 Malspam Campaign Spoofed Email?<\/span><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">When it comes to <\/span><a style=\"color: #000000;\" href=\"https:\/\/threatcop.com\/blog\/email-spoofing\/\"><b><span style=\"color: #183994;\">email spoofing<\/span><\/b><\/a><span style=\"font-weight: 400;\">, it can take any of the following forms:<\/span><\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Senders_name_spoofing\"><\/span><span style=\"color: #000000;\"><b>Sender\u2019s name spoofing<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Hackers impersonate an identity or sender\u2019s name that the recipient might trust in order to trick the recipient. 
As a result, the recipient ends up providing sensitive information or credentials.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Senders_domain_spoofing\"><\/span><span style=\"color: #000000;\"><b>Sender\u2019s domain spoofing<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Malicious actors forge a sender\u2019s email address or domain name that is legitimate and trusted by the recipient.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Look-alike_spoofing\"><\/span><span style=\"color: #000000;\"><b>Look-alike spoofing<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">In this case, the malicious actors use a sender\u2019s name or domain that looks like the legitimate one but differs by a character. The goal of these domains is to impersonate someone in order to make money or steal data.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">As an organization, you should implement certain cybersecurity protocols to protect your domain against cyber criminals. 
If your organization neglects to implement the protocols, there is no check on the sender\u2019s authenticity, and your domain is highly susceptible to spoofing attacks.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Effective_and_Reliable_Protection_from_the_TA551_Group\"><\/span><strong><span style=\"color: #000000;\">Effective and Reliable Protection from the TA551 Group<\/span><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">There are several cybersecurity measures to protect your organization\u2019s email domain and prevent malicious actors from misusing the domain. An organization must embrace certain protocols to control attacks. Also, to prevent your email domain from being used in spam and spreading malicious links or attachments, your organization should adopt the following approaches:<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"color: #000000;\"><b>Sender Policy Framework (SPF): <\/b><span style=\"font-weight: 400;\">An <\/span><a style=\"color: #000000;\" href=\"https:\/\/threatcop.com\/blog\/spf-authentication\/\"><b><span style=\"color: #183994;\">SPF<\/span><\/b><\/a><span style=\"font-weight: 400;\"> record is added to the DNS records so that the recipient\u2019s mail server can verify whether the sending IP address is authorized to send emails on behalf of the sender\u2019s email domain.<\/span><\/span><\/li>\n\n\n\n<li><span style=\"color: #000000;\"><b>DomainKeys Identified Mail (<\/b><a style=\"color: #000000;\" href=\"https:\/\/threatcop.com\/blog\/dkim\/\"><b><span style=\"color: #183994;\">DKIM<\/span><\/b><\/a><b>): <\/b><span style=\"font-weight: 400;\">Every email sent from your email domain includes a digital signature in the header field. 
The receiving server verifies the unique signature to authenticate the email.<\/span><\/span><\/li>\n\n\n\n<li><span style=\"color: #000000;\"><b>Domain-based Message Authentication, Reporting and Conformance (DMARC):<\/b><span style=\"font-weight: 400;\"> Implementing <\/span><a style=\"color: #000000;\" href=\"https:\/\/threatcop.com\/blog\/what-is-dmarc\/\"><b><span style=\"color: #183994;\">DMARC<\/span><\/b><\/a><span style=\"font-weight: 400;\"> lets you see how many emails are sent out from your email domain and who sent them. It also gives you information about the emails that failed to deliver and the reason for the failure.<\/span><\/span><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">To secure your domain against email spoofing, the smart and easy solution is to implement DMARC. Our tool, <\/span><a style=\"color: #000000;\" href=\"https:\/\/threatcop.com\/tdmarc\"><span style=\"font-weight: 400;\"><span style=\"color: #183994;\"><strong>TDMARC<\/strong><\/span><\/span><\/a><span style=\"font-weight: 400;\"> from Threatcop, ensures that your email domain is safe against domain forgery.<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">TDMARC is a GCA-certified email authentication protocol that monitors DMARC, <\/span><a style=\"color: #000000;\" href=\"https:\/\/threatcop.com\/blog\/spf-and-dkim\/\"><span style=\"font-weight: 400;\"><span style=\"color: #183994;\"><strong>SPF and DKIM<\/strong><\/span><\/span><\/a><span style=\"font-weight: 400;\"> to give your organization a compliance report. 
The report gives you detailed insights into the organization\u2019s outbound emails.<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">It provides information on how many emails are flowing through the domain and how many are landing in the receiver\u2019s inbox. And, good news for non-technical users, the report is user-friendly and easy to understand because it gives you a clear picture with a graph.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">The tool lets you determine whether your domain\u2019s outbound emails that fail DMARC authentication reach the recipient\u2019s inbox, are redirected to spam, or are bounced back. Hence, it also boosts email engagement rates since your organization\u2019s legitimate emails will end up in the receiver\u2019s inbox every time an email is sent.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Malicious actors impersonating your email domain not only cost you money but also abuse your brand and harm customers\u2019 trust in your service. Therefore, an organization must secure its email domain and protect the brand and the trust it has worked to build.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>An email-based malware distribution campaign has tried to disguise spam as an email chain and launch a spoofing attack. TA551, also known as Shathak, the infamous group that spreads malware like Ursnif and Valak, is behind this operation. To carry out the operation, the group uses real messages. 
These messages have been stolen from previously [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":7469,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[47],"tags":[],"class_list":["post-2419","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-miscellaneous"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>TA551 Malspam: Spread Malicious Email Campaigns | Threatcop<\/title>\n<meta name=\"description\" content=\"An email-based malware distribution campaign has been attempting to disguise spam as an email chain and launch a spoofing attack.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/threatcop.com\/blog\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"TA551 Malspam: Spread Malicious Email Campaigns | Threatcop\" \/>\n<meta property=\"og:description\" content=\"An email-based malware distribution campaign has been attempting to disguise spam as an email chain and launch a spoofing attack.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/threatcop.com\/blog\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\/\" \/>\n<meta property=\"og:site_name\" content=\"Threatcop\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/\" \/>\n<meta property=\"article:published_time\" content=\"2022-10-10T07:36:46+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-22T10:03:04+00:00\" \/>\n<meta property=\"og:image\" 
content=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/01\/TA551-Malspam-Campaign-Spoofed-Email.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1250\" \/>\n\t<meta property=\"og:image:height\" content=\"1200\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Threatcop\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatcop\" \/>\n<meta name=\"twitter:site\" content=\"@threatcop\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Threatcop\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\\\/\"},\"author\":{\"name\":\"Threatcop\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/e4db27ffd37219d73fc6b40cc9d45cfa\"},\"headline\":\"TA551 Malspam: Spread Malicious Email 
Campaigns\",\"datePublished\":\"2022-10-10T07:36:46+00:00\",\"dateModified\":\"2025-01-22T10:03:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\\\/\"},\"wordCount\":1048,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/01\\\/TA551-Malspam-Campaign-Spoofed-Email.webp\",\"articleSection\":[\"Miscellaneous\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\\\/\",\"name\":\"TA551 Malspam: Spread Malicious Email Campaigns | Threatcop\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/01\\\/TA551-Malspam-Campaign-Spoofed-Email.webp\",\"datePublished\":\"2022-10-10T07:36:46+00:00\",\"dateModified\":\"2025-01-22T10:03:04+00:00\",\"description\":\"An email-based malware distribution campaign has been attempting to disguise spam as an email chain and launch a spoofing 
attack.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\\\/#primaryimage\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/01\\\/TA551-Malspam-Campaign-Spoofed-Email.webp\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/01\\\/TA551-Malspam-Campaign-Spoofed-Email.webp\",\"width\":1250,\"height\":1200,\"caption\":\"TA551\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"TA551 Malspam: Spread Malicious Email Campaigns\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"name\":\"Threatcop\",\"description\":\"Cybersecurity Blogs, News, Updates, and 
Articles\",\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\",\"name\":\"Threatcop\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/cropped-original-logo-TC.png\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/cropped-original-logo-TC.png\",\"width\":951,\"height\":228,\"caption\":\"Threatcop\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/people\\\/Threatcop\\\/100083109892339\\\/\",\"https:\\\/\\\/x.com\\\/threatcop\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/threatcop\\\/\",\"https:\\\/\\\/www.instagram.com\\\/threatcop_official\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/e4db27ffd37219d73fc6b40cc9d45cfa\",\"name\":\"Threatcop\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"caption\":\"Threatcop\"},\"sameAs\":[\"
https:\\\/\\\/threatcop.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"TA551 Malspam: Spread Malicious Email Campaigns | Threatcop","description":"An email-based malware distribution campaign has been attempting to disguise spam as an email chain and launch a spoofing attack.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/threatcop.com\/blog\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\/","og_locale":"en_US","og_type":"article","og_title":"TA551 Malspam: Spread Malicious Email Campaigns | Threatcop","og_description":"An email-based malware distribution campaign has been attempting to disguise spam as an email chain and launch a spoofing attack.","og_url":"https:\/\/threatcop.com\/blog\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\/","og_site_name":"Threatcop","article_publisher":"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","article_published_time":"2022-10-10T07:36:46+00:00","article_modified_time":"2025-01-22T10:03:04+00:00","og_image":[{"width":1250,"height":1200,"url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/01\/TA551-Malspam-Campaign-Spoofed-Email.webp","type":"image\/webp"}],"author":"Threatcop","twitter_card":"summary_large_image","twitter_creator":"@threatcop","twitter_site":"@threatcop","twitter_misc":{"Written by":"Threatcop","Est. 
reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/threatcop.com\/blog\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\/#article","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\/"},"author":{"name":"Threatcop","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/e4db27ffd37219d73fc6b40cc9d45cfa"},"headline":"TA551 Malspam: Spread Malicious Email Campaigns","datePublished":"2022-10-10T07:36:46+00:00","dateModified":"2025-01-22T10:03:04+00:00","mainEntityOfPage":{"@id":"https:\/\/threatcop.com\/blog\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\/"},"wordCount":1048,"commentCount":0,"publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"image":{"@id":"https:\/\/threatcop.com\/blog\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/01\/TA551-Malspam-Campaign-Spoofed-Email.webp","articleSection":["Miscellaneous"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/threatcop.com\/blog\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/threatcop.com\/blog\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\/","url":"https:\/\/threatcop.com\/blog\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\/","name":"TA551 Malspam: Spread Malicious Email Campaigns | 
Threatcop","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/threatcop.com\/blog\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\/#primaryimage"},"image":{"@id":"https:\/\/threatcop.com\/blog\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/01\/TA551-Malspam-Campaign-Spoofed-Email.webp","datePublished":"2022-10-10T07:36:46+00:00","dateModified":"2025-01-22T10:03:04+00:00","description":"An email-based malware distribution campaign has been attempting to disguise spam as an email chain and launch a spoofing attack.","breadcrumb":{"@id":"https:\/\/threatcop.com\/blog\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/threatcop.com\/blog\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\/#primaryimage","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/01\/TA551-Malspam-Campaign-Spoofed-Email.webp","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/01\/TA551-Malspam-Campaign-Spoofed-Email.webp","width":1250,"height":1200,"caption":"TA551"},{"@type":"BreadcrumbList","@id":"https:\/\/threatcop.com\/blog\/ta551-malspam-campaign-spoofed-email-chain-to-spread-malware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/threatcop.com\/blog\/"},{"@type":"ListItem","position":2,"name":"TA551 Malspam: Spread Malicious Email Campaigns"}]},{"@type":"WebSite","@id":"https:\/\/threatcop.com\/blog\/#website","url":"https:\/\/threatcop.com\/blog\/","name":"Threatcop","description":"Cybersecurity Blogs, News, Updates, and 
Articles","publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/threatcop.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/threatcop.com\/blog\/#organization","name":"Threatcop","url":"https:\/\/threatcop.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/03\/cropped-original-logo-TC.png","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/03\/cropped-original-logo-TC.png","width":951,"height":228,"caption":"Threatcop"},"image":{"@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","https:\/\/x.com\/threatcop","https:\/\/www.linkedin.com\/company\/threatcop\/","https:\/\/www.instagram.com\/threatcop_official\/"]},{"@type":"Person","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/e4db27ffd37219d73fc6b40cc9d45cfa","name":"Threatcop","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","caption":"Threatcop"},"sameAs":["https:\/\/threatcop.com"]}]}},"_links":{"self":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/2419","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable"
:true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/comments?post=2419"}],"version-history":[{"count":9,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/2419\/revisions"}],"predecessor-version":[{"id":12206,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/2419\/revisions\/12206"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media\/7469"}],"wp:attachment":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media?parent=2419"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/categories?post=2419"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/tags?post=2419"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}