A financially motivated threat actor tracked as UNC4990 is using booby-trapped USB storage devices and malicious payloads hosted on popular websites such as Ars Technica, Vimeo, GitHub and GitLab to surreptitiously deliver malware. Another interesting detail about UNC4990 it’s mostly targeting organizations located in Italy (particularly within the health, transportation, construction, and logistics sectors) and is likely based in that country, as well. “Based on the extensive use of Italian infrastructure throughout UNC4990 operations, including … More

The post Threat actor used Vimeo, Ars Technica to serve second-stage malware appeared first on Help Net Security.