TA551/Shathak Threat Research

TA551/Shathak is a sophisticated cybercrime actor targeting end-users on a global scale. The group has distributed different malware families over time, but has consistently used password-protected ZIP archives containing macro-enabled Office documents. Previously distributed families include Ursnif and Valak, with IcedID distribution starting in summer 2020. The Mimecast Threat Research Team, in collaboration with Nettitude, has observed multiple TA551/Shathak campaigns over recent months to develop this threat intelligence report.