Written by AJ Vicens
Feb 15, 2022 | CYBERSCOOP
Analysts have noticed various attempts in recent years by hackers to breach entities in the aviation and aerospace industries, as well as related transportation fields. The operators typically use off-the-shelf malware and deploy digital lures that refer to industry-specific topics like airline cargo conferences or machine parts.
It now appears that most of those incidents were by the same group, according to cybersecurity firm Proofpoint. Dubbing the group “TA2541,” Proofpoint says the trail of evidence goes back to at least 2017, and the hackers remain a “consistent, active cybercrime threat.” Hundreds of different organizations have been targeted globally, with an emphasis on North America, Europe and the Middle East, the researchers say.
Crime seems to be the main goal, says Sherrod DeGrippo, vice president of threat research and detection at Proofpoint, given TA2541’s targeting, its victims, its use of commodity malware and its high message volume. Campaigns ranging from hundreds to several thousand emails can be traced to the group, and it does not appear to be interested in espionage the way nation-state groups are, DeGrippo says.
Previous reports from other researchers have said theft and resale of