A recent wide-ranging campaign shows how APT10 is broadening its victimology beyond Japanese organizations.
The threat group has been using a new initial access vector and a novel malware family in the first stages of its attack.
Attackers are using compromised Microsoft Exchange servers to launch thread-hijacking attacks that infect victims with the IcedID malware.
A new initial access broker known as Exotic Lily has used zero-day exploits and sells network access to cybercrime teams such as FIN12 for ransomware deployment.
Researchers have observed attackers leveraging email thread-hijacking tactics to spread the Qakbot malware, which in turn deploys multiple payloads.