TA551/Shathak threat research

Ripplies of multi-coloured 1s and 0s - whitepaper from Mimecast

Mimecast logo

Approx. read time: 42 minutes

This report delves into the details of the malicious group TA551/Shathak and its campaigns.

TA551/Shathak is a sophisticated cyber crime actor targeting end-users on a global scale. The group has distributed different malware families over time, but consistently used password-protected ZIP archives containing macro-enabled Office documents. Previous families distributed have included Ursnif and Valak, with IcedID distribution starting in mid 2020.

The Mimecast Threat Research Team, in collaboration with Nettitude, has observed multiple TA551/ Shathak campaigns over recent months to develop this threat intelligence report.


ITPro is a global business technology website providing the latest news, analysis, and business insight for IT decision-makers. Whether it's cyber security, cloud computing, IT infrastructure, or business strategy, we aim to equip leaders with the data they need to make informed IT investments.

For regular updates delivered to your inbox and social feeds, be sure to sign up to our daily newsletter and follow on us LinkedIn and Twitter.