Researchers find threat group that has been active for 5 years

by Dan Goodin from Ars Technica - All content on (#5W5WA)
Researchers on Tuesday revealed a new threat actor that over the past five years has blasted thousands of organizations with an almost endless stream of malicious messages designed to infect systems with data-stealing malware.

TA2541, as security firm Proofpoint has named the hacking group, has been active since at least 2017, when company researchers started tracking it. The group uses relatively crude tactics, techniques, and procedures, or TTPs, to target organizations in the aviation, aerospace, transportation, manufacturing, and defense industries. These TTPs include the use of malicious Google Drive links that attempt to trick targets into installing off-the-shelf trojans.

Tenacity and persistence

But what the group lacks in sophistication, it makes up for with a tenacity and persistence that allows it to nonetheless thrive. Since Proofpoint began tracking the group five years ago, it has waged an almost unending series of malware campaigns that typically deliver hundreds to thousands of messages at a time. A single campaign can impact hundreds of organizations all over the world, with an emphasis on North America, Europe, and the Middle East.
