Proofpoint’s team of researchers found TA2541. He is a cybercriminal who has been targeting the aviation, transportation, manufacturing, defense and aerospace industries for years. TA2541 uses remote access trojan (RAT) to get to remotely control compromised machines. According to Proofpoint’s findings, this threat actor has been active since 2017.
TA2541 is a persistent cybercriminal who distributes remote access Trojans across various industries. Proofpoint has been following this actor for some time and has shown that TA2541 follows consistent TTP tactics, techniques and procedures over time. According to Proofpoint, the cybercriminal sent Microsoft Word attachments loaded with macros which downloaded the RAT payload.
Today, they are more frequent messages with links to cloud services such as Google Drive where the payload is hosted. In the past, during the spring of 2020, TA2541 also managed to exploit issues related to Covid-19 to carry out its attacks. The issues dealt with, even in that case, were consistent with the previous work, focusing on cargo flights and flight information.
Strike campaigns are usually conducted in English and have hit recurring targets in North America, Europe and the Middle East.
Note that other research teams (including Cisco Talos, Morphisec, Microsoft, Mandiant and independent researchers) have also published data on similar activities as of 2019. As confirmed by Proofpoint, these activities overlap with those of the monitored actor TA2541 .
In the world of mobile gaming, Monopoly GO is a popular game known for being…
In view of the sixth F1 round of the season which will stop in the…
Different motivations but same objectives, score points. So let's find out where to watch Salernitana-AtalantaTelevision…
Let's discover QuiGioco together, a new platform in the great universe of online casinos and…
Amazon Prime Video releases for May 2024: here are the films, shows and TV series…
In this new episode of Anime Breakfast, this time a review, let's find out together…
