CySecurity News – Latest Information Security and Hacking Incidents
Recently, a campaign has been discovered wherein threat actors are noted to be victimizing a variety of critical infrastructure sectors in different regions such as Africa, the Middle East, and the United States. The group that has been identified as TA410, has been using an improved version of a remote access trojan designed with information-stealing capabilities.
TA410 is an umbrella group comprising of three teams named FlowingFrog, LookingFrog, and JollyFrog.
In regard to the incident, the Slovak cybersecurity firm ESET has reported that “these subgroups operate somewhat independently, but that they may share intelligence requirements, and access team that runs their spear-phishing campaigns, and also the team that deploys network infrastructure.”
Following the incident, it has been observed that the TA410 shares behavioral and tooling overlaps with APT10 (aka Stone Panda or TA429) which has a history of targeting U.S.-based organizations in the utility sector as well as diplomatic entities in the Middle East and Africa region.
Moreover, the group has also targeted many firms in different regions all across the world including a manufacturing company in Japan, mining business in India, a charity foundation in Israel, and unnamed victims in the education and military verticals.
Im 2019, TA410 was recorded by Proofpoint for the first time when the members of the group executed phishing campaigns containing macro-laden documents to compromise utility providers across the U.S. with a modular malware called Lo
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: