The TA505 cybercrime group has ramped up its attacks lately, with a set of campaigns bent on spreading the persistent SDBbot remote-access trojan (RAT) laterally throughout an entire corporate environment, researchers said. The group has been actively targeting various industries, including finance and retail, since at least 2014. In the campaign, the attackers used the initially compromised system to escalate privileges and then moved laterally to additional systems on the network using Active Directory (AD) credentials harvested earlier, according to the researchers.
Source: https://threatpost.com/ta505-crime-gang-sdbbot-corporate-network-takeover/154779/

