Full Report
New research by Infoblox Threat Intel exposes a hidden alliance between major cybercrime groups like VexTrio and seemingly…
Analysis Summary
Based on the provided article context, the summary of the threat actor information is extremely limited, as the main article content detailing the actor appears to be truncated. The available text only introduces the subject of the report.
# Threat Actor: Los Pollos and RichAds (Traffic Operators)
## Attribution & Identity
The actors/entities linked to malware traffic operations are **Los Pollos** and **RichAds**. The context suggests they are involved in malware traffic distribution rather than being traditional APT groups. The research linking them originates from **Infoblox Threat Intel**.
## Activity Summary
The primary activity involves **Malware Traffic Operations**. The specific details of campaigns or historical activities are not present in the provided snippet, only the entities implicated in these operations.
## Tactics, Techniques & Procedures
- The article explicitly mentions involvement in **Malware Traffic Operations**.
- Specific TTPs or MITRE ATT&CK IDs are **not mentioned** in the provided text.
## Targeting
- Sectors: **Not specified** in the provided text.
- Geography: **Not specified** in the provided text.
- Victims: **Not specified** in the provided text.
## Tools & Infrastructure
- Malware families used: **Not specified** in the provided text.
- Infrastructure (C2, domains, IPs): **Not specified** in the provided text.
## Implications
The implication is that legitimate advertising/traffic monetization entities (RichAds) or associated operations (Los Pollos) are being used for, or linked to, the distribution of malware traffic, indicating a supply chain risk in ad networks or traffic sources.
## Mitigations
- Defense recommendations specific to this actor are **not provided** in the summary context. (General advice would involve vetting advertising partners and monitoring traffic sources.)