Wednesday, May 29, 2024

TA2541: A Tale of New Mysterious Hackers


Researchers have discovered a hacking organisation known as TA2541 that has remained undetected for years without changing its techniques. Since 2017, this enigmatic gang has been carrying out phishing and malware attacks.

Concerning TA2541 and its Initiatives

Since the beginning, hackers have used the same strategies, including remotely managing victim PCs, conducting reconnaissance, and stealing crucial data, according to Proofpoint researchers.

The assaults begin with phishing emails containing sensitive information about the individuals and firms targeted, with themes relating to the transportation, aviation, and aerospace industries.

The attackers employed COVID-19-themed lures in one case, but they weren’t very tailored.

Attackers sent them in massive numbers, implying a sense of urgency, in order to trick people into downloading malware. The messages were always written in English.

Using a Variety of RATs

The TA2541 group initially sent emails with macro-laden Word files that downloaded a RAT payload. More recently, however, it has begun to use OneDrive and Google Drive URLs.

The URLs point to an obfuscated VBS file. When the file is executed, PowerShell is run and loads RATs onto the Windows system.
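
A detection sketch for the chain described above (a VBS file run by a script host, which then starts PowerShell), added here as an example and not taken from Proofpoint or the original article. The event fields and the sample events are constructed assumptions, loosely shaped like process-creation records, and it is assumed the VBS file runs under Windows Script Host (wscript.exe or cscript.exe).

```python
import ntpath
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}   # Windows Script Host binaries
POWERSHELL = {"powershell.exe", "pwsh.exe"}
VBS_ARG = re.compile(r"\.vb[se]\b", re.IGNORECASE)  # .vbs / .vbe in the command line
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WSH = r"C:\Windows\System32\wscript.exe"

# Constructed events; every PID, path and command line is invented.
SAMPLE_EVENTS = [
    {"pid": 4100, "ppid": 900, "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
    {"pid": 4200, "ppid": 4100, "image": WSH,
     "cmdline": r'wscript.exe "C:\Users\alice\Downloads\Flight_Itinerary.vbs"'},
    {"pid": 4300, "ppid": 4200, "image": PS,
     "cmdline": "powershell.exe -NoProfile -Command <constructed placeholder>"},
    # Benign look-alikes: interactive PowerShell, and a VBS with no PowerShell child.
    {"pid": 5000, "ppid": 4100, "image": PS, "cmdline": "powershell.exe Get-Date"},
    {"pid": 5100, "ppid": 4100, "image": WSH,
     "cmdline": r"wscript.exe C:\IT\logon.vbs"},
]


def exe_name(path):
    """Lower-cased file name of a Windows path, on any host OS."""
    return ntpath.basename(path).lower()


def find_vbs_powershell_chains(events):
    """Return (script_host, powershell) event pairs where PowerShell was
    started by wscript/cscript that was itself running a VBS file."""
    # Keyed on PID for brevity; real telemetry should key on a process GUID,
    # because PIDs are reused.
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for event in events:
        if exe_name(event["image"]) not in POWERSHELL:
            continue
        parent = by_pid.get(event["ppid"])
        if parent is None or exe_name(parent["image"]) not in SCRIPT_HOSTS:
            continue
        if VBS_ARG.search(parent["cmdline"]):
            hits.append((parent, event))
    return hits


if __name__ == "__main__":
    for host, ps in find_vbs_powershell_chains(SAMPLE_EVENTS):
        print(f"ALERT pid={ps['pid']} PowerShell spawned by: {host['cmdline']}")
```
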

Since the operations began, the organisation has distributed dozens of different malware payloads, all of which were available for sale on dark web forums or in open-source repositories.

AsyncRAT was the most widely distributed RAT in TA2541 campaigns, followed by Parallax, NetWire, and WSH RAT, all of which were used to take remote control of devices and steal data.

Victims and Areas that have been Singled Out

The group has targeted hundreds of organisations in Europe, the Middle East, and North America. The industries targeted were aviation, transportation, defence, manufacturing, and aerospace.


Concluding Statement

The TA2541 group remained concealed for over five years, demonstrating its advanced evasive abilities. Its campaigns are still going strong, sending phishing emails to people all over the world.


