Rhadamanthys infostealer deployed via AI-based PowerShell

Several organizations across Germany have been targeted by suspected initial access broker TA547, also known as Scully Spider, in attacks that used a generative artificial intelligence-based PowerShell script to deliver the Rhadamanthys information-stealing malware, reports BleepingComputer. According to a Proofpoint report, the intrusions began with phishing emails that spoofed German wholesaler Metro Cash & Carry and carried a password-protected ZIP archive. The archive contained a malicious LNK file that triggered PowerShell execution of a remote script.

Source: SC Magazine

 

