Researchers find threat group that has been active for 5 years

Researchers on Tuesday revealed a new threat actor that over the past five years has blasted thousands of organizations with an almost endless stream of malicious messages designed to infect systems with data-stealing malware.

TA2541, as security firm Proofpoint has named the hacking group, has been active since at least 2017, when company researchers started tracking it. The group uses relatively crude tactics, techniques, and procedures, or TTPs, to target organizations in the aviation, aerospace, transportation, manufacturing, and defense industries. These TTPs include the use of malicious Google Drive links that attempt to trick targets into installing off-the-shelf trojans.

Tenacity and persistence

But what the group lacks in sophistication, it makes up for with a tenacity and persistence that allows it to nonetheless thrive. Since Proofpoint began tracking the group five years ago, it has waged an almost unending series of malware campaigns that typically deliver hundreds to thousands of messages at a time. A single campaign can impact hundreds of organizations all over the world, with an emphasis on North America, Europe, and the Middle East.
