Shathak, also tracked as TA551 and UNC2420, is a threat actor whose activity documented here falls between April and November 2020. It is known for e-mail-based malware distribution campaigns that largely target English-speaking victims. Its distinguishing delivery method is malicious spam (malspam) carrying a password-protected ZIP archive as the attachment; because the archive contents cannot be inspected without the password, this defeats content scanning at the mail gateway and in automated sandboxes. Between April and June 2020 the tempo was high, with waves of Valak malware pushed through this infrastructure two to four times a week on average.
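The password protects the archive members, not the ZIP container: each local file header and central directory record carries a general purpose bit flag in the clear, and bit 0 means "this entry is encrypted". A gateway can therefore flag an encrypted ZIP attachment without the password and without relying on the attacker-controlled file extension or MIME type. The following is an added example written for this page, not tooling from any vendor or researcher cited above; the e-mail, the archive builder and the member names are all constructed test data, and the "encrypted" archive only has the flag bit set rather than being enciphered, which is all that header-based detection looks at.

```python
"""Flag e-mail attachments that are password-protected ZIP archives.

Added example, not code from the original page. Detection reads ZIP headers
only; nothing is extracted, so it works on archives whose password is unknown.
"""
import email
import email.policy
import io
import struct
import zipfile
import zlib
from email.message import EmailMessage

ZIP_ENCRYPTED = 0x0001          # general purpose bit 0: member is encrypted
ZIP_LOCAL_MAGIC = b"PK\x03\x04"  # local file header signature
DOS_DATE = ((2020 - 1980) << 9) | (6 << 5) | 1  # 2020-06-01 in MS-DOS date format


def zip_findings(data: bytes) -> dict:
    """Parse the central directory and report which members are encrypted."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
    except Exception:  # attacker-controlled bytes: any parse failure is "not a usable ZIP"
        return {"valid_zip": False, "encrypted": False, "members": []}
    members = [(i.filename, bool(i.flag_bits & ZIP_ENCRYPTED)) for i in infos]
    return {"valid_zip": True,
            "encrypted": any(enc for _, enc in members),
            "members": members}


def scan_message(raw: bytes) -> list:
    """Return one finding per attachment that is a ZIP with an encrypted member.

    Attachments are recognised by the ZIP magic bytes, not by the declared
    filename or Content-Type, since both are chosen by the sender.
    """
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if not payload.startswith(ZIP_LOCAL_MAGIC):
            continue
        info = zip_findings(payload)
        if info["encrypted"]:
            findings.append({"attachment": part.get_filename(),
                             "members": [n for n, enc in info["members"] if enc]})
    return findings


def build_zip(members, encrypted: bool) -> bytes:
    """Hand-build a stored (uncompressed) ZIP so the encryption flag can be set
    without implementing ZipCrypto. Constructed test data only."""
    flags = ZIP_ENCRYPTED if encrypted else 0
    local, central, offset = b"", b"", 0
    for name, content in members:
        fname = name.encode()
        crc = zlib.crc32(content) & 0xFFFFFFFF
        lh = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flags, 0, 0, DOS_DATE,
                         crc, len(content), len(content), len(fname), 0)
        local += lh + fname + content
        central += struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, flags, 0,
                               0, DOS_DATE, crc, len(content), len(content),
                               len(fname), 0, 0, 0, 0, 0, offset) + fname
        offset += len(lh) + len(fname) + len(content)
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, len(members), len(members),
                       len(central), offset, 0)
    return local + central + eocd


def build_sample_email(zip_bytes: bytes, attachment_name: str) -> bytes:
    """Constructed malspam-style message carrying the archive (hypothetical addresses)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "Re: request"
    msg.set_content("Please see the attached archive; the password is in my earlier mail.")
    msg.add_attachment(zip_bytes, maintype="application", subtype="zip",
                       filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    lure = build_zip([("request.doc", b"constructed placeholder, not a real document")],
                     encrypted=True)
    print(scan_message(build_sample_email(lure, "request.zip")))
```

In production this check sits beside, not instead of, the usual attachment controls: an encrypted archive from an external sender is a strong signal on its own, and the cleartext member names (here the inner .doc) give the analyst the next pivot without ever opening the payload.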
Shathak's activity has been documented in several places. The Malware Don't Need Coffee blog discusses it under the TA551 name, and its use of malspam to push Valak has been reported on Twitter. The actor is financially motivated and has been reported to collaborate with other established cybercrime groups, which extends both its reach and the impact of a successful infection.
In summary, Shathak is a significant threat because of the volume and consistency of its malware distribution. Its focus on English-speaking victims and its ties to other cybercrime groups raise the stakes of each campaign. Because the password-protected ZIP attachment denies the gateway any view of the payload, defenders cannot rely on content inspection alone and need to key on the presence of an encrypted attachment, the recurring lure pattern, and post-delivery behaviour on the endpoint.
Description last updated: 2024-05-04T19:26:07.336Z