Security News > 2022 > February > Unskilled hacker linked to years of attacks on aviation, transport sectors
For years, a low-skilled attacker has been using off-the-shelf malware in malicious campaigns aimed at companies in the aviation sector as well as in other sensitive industries.
Tracked as TA2541 by cybersecurity company Proofpoint, the adversary is believed to operate from Nigeria and its activity has been documented before in analysis of separate campaigns.
Given TA2541's choice of targets, its activity has not gone unnoticed and security researchers from other companies have analyzed its campaigns [1, 2, 3] in the past, but without connecting all the dots.
Cisco Talos published a report last year about a TA2541 campaign targeting the aviation industry with AsyncRAT. The researchers concluded that the actor had been active for at least five years.
"While researching the actor's activities, using passive DNS telemetry, we compiled the list of IPs used by the domain akconsult.linkpc.net. The chart below shows that roughly 73 percent of the IPs were based in Nigeria, further strengthening the theory that the actor in question is based in Nigeria." - Cisco Talos.
Even if TA2541's tactics, techniques, and procedures describe an adversary that is not technically sophisticated, the actor managed to deploy malicious campaigns for more than five years without raising too many flags.
News URL
Related news
- Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others (source)
- US sanctions APT31 hackers behind critical infrastructure attacks (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)
- TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (source)
- Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks (source)
- REvil hacker behind Kaseya ransomware attack gets 13 years in prison (source)
- Kimsuky hackers deploy new Linux backdoor in attacks on South Korea (source)