Welcome to New York, it's been waitin' for you. [Research Saturday]
CyberWire Daily
00:00
The Complex Attack Chain of Tf53
The malicious link was an email with a Google macro. The raw file title matched the content of the initial email that we had talked about where they said, hey, can you help me with this project that we're working on? And so the victim gets that and I suppose at this point, things look legit, but what exactly is going on here with that raw file? Yeah. So that's something that we've seen. There's the first time we've seen Tf53, which we also call CharmingKitten. There's another name that they're known as. It uses pieces of all of those different things that it's downloaded to start the back door, which we call
Play episode from 03:55
Transcript
