The TA505 cybercrime group has ramped up its attacks lately, with a set of campaigns bent on spreading the persistent SDBbot remote-access trojan (RAT) laterally throughout an entire corporate environment, researchers said. SDBbot RAT is a custom job that has been observed in TA505 attacks since at least September 2019; it offers remote-access capabilities and has a few spyware aspects, including the ability to exfiltrate data from the victimized devices and networks.
Source: Threatpost