TA2541 is extensively using a variety of Remote Access Trojans (RATs) in spear-phishing attacks to lure its targets.
Proofpoint researchers have published a report highlighting the presence of a little-known cybercrime group targeting aviation, defense, manufacturing, and transportation sectors with malware since 2017.
Interestingly, the group has evaded detection for so long despite using the same attack tactics. Proofpoint’s report is based on similar accounts from other cybersecurity and tech firms, including Mandiant, Cisco Talos, Morphisec, and Microsoft.
Details about TA2541
Proofpoint tracks the group under the codename TA2541. Its researchers describe the group's attacks as unrefined, relying mostly on deploying commodity malware on victims' networks. Even so, the group has managed to stay low-key, and not much is known about it. Most of its targets were located in North America, Europe, and the Middle East.
Researchers wrote that the group's attacks follow the same pattern: it sends out thousands of spear-phishing emails per campaign (usually 10,000 emails per campaign), typically written in English, to trap its targets.
The emails vary in themes as the group has used requests for aircraft parts, urgent requests for air ambulance flight details, and