TA2541: APT Has Been Shooting RATs at Aviation for Years

Since 2017, the attacker has flung simple off-the-shelf malware in malicious email campaigns aimed at aviation, aerospace, transportation and defense.

Researchers have identified an advanced persistent threat (APT) group responsible for a series of cyberespionage and spyware attacks against the aviation, aerospace, transportation and defense industries. The attacks, under way since at least 2017, feature high-volume email campaigns using industry-specific lures.

The group, which researchers have dubbed TA2541, typically sends hundreds of thousands of malicious messages – nearly always in English – that ultimately deliver a remote-access trojan (RAT) payload using commodity malware to collect data from victims’ machines and networks, according to a new report by Proofpoint released Tuesday. These campaigns have affected hundreds of organizations across the world, with recurring targets in North America, Europe and the Middle East, researchers said.

Though a number of the group’s attacks already have been tracked by various researchers – including Microsoft, Mandiant, Cisco Talos, Morphisec and others – since at least 2019, Proofpoint’s latest research shares “comprehensive details linking public and private data under one threat activity cluster we call TA2541,” researchers wrote.

Indeed, previously reported attacks related to TA2541 include a two-year spyware campaign against the aviation industry

Read More: https://threatpost.com/ta2541-apt-rats-aviation/178422/