Threat actor used Vimeo, Ars Technica to serve second-stage malware

A financially motivated threat actor tracked as UNC4990 is using booby-trapped USB storage devices and malicious payloads hosted on popular websites such as Ars Technica, Vimeo, GitHub and GitLab to surreptitiously deliver malware. Another interesting detail about UNC4990 it’s mostly targeting organizations located in Italy (particularly within the health, transportation, construction, and logistics sectors) and is likely based in that country, as well. “Based on the extensive use of Italian infrastructure throughout UNC4990 operations, including … More →

The post …

actor ars technica cybercrime deliver malware devices don't miss eu github gitlab health hot stuff italy malicious malicious payloads malware mandiant organizations payloads popular stage storage targeting theft threat threat actor transportation usb usb devices websites