Threat actors from TA505 hacking group conducting new wave attack by modifying the legitimate remote admin tool to Weaponized hacking tool that targets retailers in the U.S. and various financial institutions from Europe, APAC and LATAM. TA505 is believed to reside in Russia and the threat actors from this group involved in various high profile cyber attacks including Dridex, Locky ransomware, ServHelper malware, FlawedAmmyy, delivered through malicious email campaigns. The group is targeting victims mainly for financial motivation by gaining access to their system to perform fraudulent financial transactions.”]
Source: https://gbhackers.com/ta505-hackers-remote-admin-tool/