TA544 Targeting Italian Organizations with Ursnif Trojan
Proofpoint unearthed about 20 threat campaigns by the TA544 group that deploys the Ursnif banking trojan against 2,000 organizations in Italy. It targeted login portals of a large number of sites, including UniCredit Group, Agenziabpb, ING, BNL, eBay, PayPal, Banca Sella, CheBanca!, and IBK. In some of these campaigns, the threat actor employs geofencing tactics to confirm recipients in targeted geographic regions. Organizations are recommended to stay alert and train employees to spot malicious emails.
