Multi-Year Spearphihing Campaign Against Maritime Industry

EclecticIQ has revealed that a single connected threat cluster is most likely behind an attack campaign targeting the maritime industry with spearphishing emails to distribute different malware threats. In July 2022, the campaign shifted from Agent Tesla to Formbook using CAB file attachments. However, there’s not much clarity on why the cluster changed its tooling.