I think the two groups I am monitoring are not interested in horizontal expansion within their target banks, maybe due to the extreme network security of these institutions? Based on my experience, they keep these infected systems as sleepers, not using them for long periods of time.
My guess is that horizontal expansion is more important to organized ransomware operations?

On Sun, 6 Dec 2020 20:03:51 +0100 Thomas Walter via mailop <mailop@mailop.org> wrote:

> On 06.12.20 19:27, Mary via mailop wrote:
> > Now, having a large list of real email bodies, they re-use them for
> > phishing. They re-send a previously legitimate email but with variations,
> > like replacing attachments.
>
> They can also send mail directly from the inside - without any SPF
> checks in place and quite often without any antispam or antivirus
> measures as long as the email stays on the inside? And use the correct
> user's address?
>
> At least that's what happened here in one incident.
>
> Regards,
> Thomas Walter
>
> --
> Thomas Walter
> Datenverarbeitungszentrale
>
> FH Münster
> - University of Applied Sciences -
> Corrensstr. 25, Raum B 112
> 48149 Münster
>
> Tel: +49 251 83 64 908
> Fax: +49 251 83 64 910
> www.fh-muenster.de/dvz/