Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Operation ServHelper Evolves

The TA505 threat actor targeted multiple sectors around the world with spear-phishing emails to drop the ServHelper backdoor. The group's focus is financial gain and are also suspected to be behind other malware families including Dridex and Locky. Many techniques were used in the attacks including PowerShell, scripting, hooking, and data encoding/obfuscation.
Name Modified Date Sources
Operation ServHelper Evolves 2020-01-22