A phishing and malware campaign has been attributed to the APT group Team46, also known as TaxOff; it combines a zero-day exploit with multi-layered malware loaders. The operation, dating back to 2024, relies on heavy obfuscation and custom encryption to evade detection. #Team46 #TaxOff #CVE-2025-2783 #Trinper
Keypoints
- The campaign uses a Google Chrome sandbox escape zero-day (CVE-2025-2783) to install malware.
- Phishing emails disguised as invitations, together with spoofed websites, triggered the malware deployment.
- The malware loader Trinper employs complex obfuscation and custom encryption for stealth.
- Team46 and TaxOff are assessed to be the same APT group based on overlaps in tooling and techniques.
- The operation has been ongoing since late 2024, with targeted attacks on specific organizations.
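The practical check for defenders is whether any Windows Chrome install in the fleet still predates the fix for CVE-2025-2783. The script below is an added example, not code from the original article or from any vendor report on Team46/TaxOff. It assumes the fixed Windows builds are 134.0.6998.177 and 134.0.6998.178 (Google's Stable channel update of 25 March 2025) and that the bug is Windows-only (it is a Mojo IPC handle bug in Chrome for Windows); the inventory lines and hostnames are constructed sample data.

```python
"""Flag Chrome installs still exposed to CVE-2025-2783 (Chrome sandbox escape, Windows).

Added example, not from the original article. Assumes Google's fix versions
134.0.6998.177 / 134.0.6998.178 for Windows (Stable update, 25 March 2025) and a
constructed inventory of "host,os,version" lines.
"""
from __future__ import annotations

# Minimum Windows Chrome build carrying the CVE-2025-2783 fix. Google shipped
# .177 and .178 in parallel, so anything >= .177 is treated as patched.
FIXED_WINDOWS_VERSION = (134, 0, 6998, 177)

# Constructed sample inventory (hostname, OS, Chrome version); not real data.
SAMPLE_INVENTORY = """\
ws-fin-01,windows,134.0.6998.89
ws-fin-02,windows,134.0.6998.178
ws-hr-01,windows,133.0.6943.142
ws-ops-01,linux,134.0.6998.89
ws-dev-01,windows,135.0.7049.41
ws-bad-01,windows,not-installed
"""


def parse_version(text: str) -> tuple[int, ...] | None:
    """Turn '134.0.6998.177' into (134, 0, 6998, 177); None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def is_vulnerable(os_name: str, version: str) -> bool | None:
    """True if this install is below the fixed build on Windows.

    Returns False for non-Windows hosts (CVE-2025-2783 only affects Chrome on
    Windows) and None when the version cannot be parsed, so that unknown
    installs are surfaced rather than silently counted as safe.
    """
    if os_name.strip().lower() != "windows":
        return False
    parsed = parse_version(version)
    if parsed is None:
        return None
    # Tuple comparison is lexicographic, which matches dotted-version ordering.
    return parsed < FIXED_WINDOWS_VERSION


def triage(inventory: str) -> dict[str, list[str]]:
    """Group hosts into vulnerable / patched_or_na / unknown buckets."""
    result: dict[str, list[str]] = {"vulnerable": [], "patched_or_na": [], "unknown": []}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, os_name, version = [f.strip() for f in line.split(",", 2)]
        state = is_vulnerable(os_name, version)
        if state is None:
            result["unknown"].append(host)
        elif state:
            result["vulnerable"].append(host)
        else:
            result["patched_or_na"].append(host)
    return result


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Feed it a CSV export from whatever inventory or EDR tool you already have; the point of the separate "unknown" bucket is that a host with no parseable version is exactly the one that tends to be missed when the check is written as a simple "version >= fixed" filter.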