
Experts Detail 3 Hacking Teams Working Under the Umbrella of TA410 Group
2022-04-28 21:58

Calling TA410 an umbrella group composed of three teams dubbed FlowingFrog, LookingFrog and JollyFrog, Slovak cybersecurity firm ESET assessed that "these subgroups operate somewhat independently, but that they may share intelligence requirements, an access team that runs their spear-phishing campaigns, and also the team that deploys network infrastructure."

TA410 - said to share behavioral and tooling overlaps with APT10 - has a history of targeting U.S.-based organizations in the utilities sector as well as diplomatic entities in the Middle East and Africa.

Nearly a year later, the group returned with a new backdoor codenamed FlowCloud, also delivered to U.S. utilities providers, that Proofpoint described as malware that gives attackers complete control over infected systems.

Industrial cybersecurity firm Dragos, which tracks the activity group under the moniker TALONITE, pointed out the group's penchant for blending techniques and tactics in order to ensure a successful intrusion.

Each team within the TA410 umbrella is said to use different toolsets.

FlowingFrog, in contrast, employs a downloader called Tendyron that's delivered by means of the Royal Road RTF weaponizer, using it to download FlowCloud as well as a second backdoor, which is based on Gh0stRAT. "TA410 is a cyberespionage umbrella targeting high-profile entities such as governments and universities worldwide," ESET said.


News URL

https://thehackernews.com/2022/04/experts-detail-3-hacking-teams-working.html