← All Threat Actors
Threat Actor Profile

Mustard Tempest

DEV-0206 G1020 GOLD PRELUDE Purple Vallhund TA569 UNC1543
▲ High Threat
Mustard Tempest is a threat actor that primarily uses malvertising as their main technique to gain access to and profile networks. They deploy FakeUpdates, disguised as browser updates or software packages, to lure targets into downloading a ZIP file containing a JavaScript file. Once executed, the JavaScript framework acts as a loader for other malware campaigns, often Cobalt Strike payloads. Mustard Tempest has been associated with the cybercrime syndicate Mustard Tempest, also known as EvilCorp, and has been involved in ransomware attacks using payloads such as WastedLocker, PhoenixLocker, and Macaw.
Origin

Known TTPs

Malvertising
Upload Malware
Match Legitimate Resource Name or Location
Spearphishing Link
Domains
SEO Poisoning
Drive-by Target
Drive-by Compromise
Malicious Link
System Information Discovery
Server
Ingress Tool Transfer

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD