Researchers on Tuesday revealed a new threat actor that over the past five years has blasted thousands of organizations with an almost endless stream of malicious messages designed to infect systems with data-stealing malware.
TA2541, as security firm Proofpoint has named the hacking group, has been active since at least 2017, when company researchers started tracking it. The group uses relatively crude tactics, techniques, and procedures, or TTPs, to target organizations in the aviation, aerospace, transportation, manufacturing, and defense industries. These TTPs include the use of malicious Google Drive links that attempt to trick targets into installing off-the-shelf trojans.
Tenacity and persistence
But what the group typically lacks in sophistication, it makes up for with a tenacity and persistence that allow it to nonetheless thrive. Since Proofpoint began tracking the group 5 years ago, it has waged an almost unending series of malware campaigns that typically deliver hundreds to thousands of messages at a time. A single campaign can impact hundreds of organizations all over the world, with an emphasis on North America, Europe, and often the Middle East.