simontsui, Proofpoint reported that the financially motivated threat actor TA866 continued an email campaign containing PDFs with malicious OneDrive links. This would launch a multi-step infection chain delivering WasabiSeed and Screenshotter payloads. IOC included.
🔗 https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta866-returns-large-email-campaign#TA866 #IOC #threatintel #OneDrive #WasabiSeed #Screenshotter