Threat actors with access to stolen, sensitive data have many options to utilize this data in a malicious manner. In this case, the threat group decided to use confidential data as lures in phishing emails to carry out a second attack against victims. Whenever a company is alerted to a breach and makes it public, all customers who believe they may have had data compromised should remain vigilant to the use of this data in social engineering attacks, in order to prevent further harm. Such attacks may take the form of lures using legitimate account data, and can also take the form of compromised legitimate email reply chains between trusted parties. It is highly recommended that users contact trusted parties directly to verify or confirm the legitimacy of such email. Organizations can also implement a defense in depth strategy that focuses on post compromise activities, such as data exfiltration. Binary Defense’s offerings are an excellent solution to such needs.
BitRAT campaign relies on stolen sensitive bank data as a lure
