Researchers investigated a recent Agent Tesla malware campaign targeting US and Australian organizations, which used phishing emails with fake purchase orders to trick victims into clicking malicious links.  Upon clicking, an obfuscated Agent Tesla sample protected by Cassandra Protector was downloaded and executed, stealing keystrokes and login credentials.  The investigation identified two cybercriminals, Bignosa (the main threat) and Gods, who used a large email database and multiple servers for RDP connections and malware campaigns.  The malware campaign involved a multi-step preparation phase before distributing malicious spam.  The activity of the “Bignosa” threat actor shown on the timeline Document Stop Advanced Phishing Attack With AI AI-Powered Protection for Your Business Email Security Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Stopping 99% of phishing attacks missed by other email security solutions.

Source: GBHackers