← All Threat Actors
Threat Actor Profile

TA2541

G1018
▲ High Threat
Persistent cybercrime threat actor targeting aviation, aerospace, transportation, manufacturing, and defense industries for years. This threat actor consistently uses remote access trojans (RATs) that can be used to remotely control compromised machines. This threat actor uses consistent themes related to aviation, transportation, and travel. The threat actor has used similar themes and targeting since 2017.
Origin

Known TTPs

Upload Malware
Registry Run Keys / Startup Folder
Asymmetric Cryptography
Ingress Tool Transfer
Dynamic Resolution
Match Legitimate Resource Name or Location
Security Software Discovery
Scheduled Task
Software Packing
System Information Discovery
Disable or Modify Tools
Malware
Mshta
Tool
Malicious Link
Domains
Process Injection
PowerShell
Encrypted/Encoded File
Internet Connection Discovery
Process Hollowing
Windows Management Instrumentation
Malicious File
Visual Basic
Spearphishing Link
Compression
Spearphishing Attachment
Web Services

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD