TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks
2022-09-06 09:57

Cybersecurity researchers have offered insight into a previously undocumented software control panel used by a financially motivated threat group known as TA505.

The control panel, called TeslaGun, is said to be used by the adversary to manage the ServHelper implant, working as a command-and-control framework to commandeer the compromised machines.

The panel lets the attackers issue commands, send a single command to all victim devices in one go, or configure the panel so that a predefined command runs automatically when a new victim is added.

"The TeslaGun panel has a pragmatic, minimalist design. The main dashboard only contains infected victim data, a generic comment section for each victim, and several options for filtering victim records," the researchers said.

PRODAFT's analysis of TeslaGun victim data shows that the group's phishing and targeted campaigns have hit at least 8,160 targets since July 2020.

A majority of those victims are located in the U.S., followed by Russia, Brazil, Romania, and the U.K. "It is clear that TA505 is actively looking for online banking or retail users, including crypto-wallets and e-commerce accounts," the researchers noted, citing comments made by the adversarial group in the TeslaGun panel.


News URL

https://thehackernews.com/2022/09/ta505-hackers-using-teslagun-panel-to.html