General description
The activity of the TA505 group was first discovered and described in 2014, but the group itself is believed to have been active since 2006. Its victims include companies from various sectors around the world, with the exception of the CIS, which the group avoids. TA505 employs a wide range of tools designed to handle any task, and phishing is its main means of penetrating an infrastructure. Researchers presume the group to be Russian-speaking. TA505 follows the latest trends and has used the COVID-19 theme and the ZeroLogon vulnerability in its attacks.
Objectives
- Cash theft
Tools
- Dridex
- Shifu
- Trickbot
- Zeus
- FlawedAmmyy
- FlawedGrace
- SDBbot
- BackNet
- RMS
- Neutrino
- Amadey
- GameOver Zeus
- ServHelper
- FlowerPippi
- Locky
- Jaff
- GlobeImposter
- Rapid
- Clop/CryptoMix
- MINEBRIDGE
- Bart
- DoppelPaymer
- Philadelphia
- Snatch
- DEWMODE
- GraceWire
- Kegotip
- EmailStealer
- Pony
- Metasploit
- Cobalt Strike
- AndroMut
- Rockloader
- Gelup
- Get2
- Quant
- Marap
- TinyMet
Targeted countries
Alternative names
- EvilCorp
- ATK 103
- SectorJ04
- Hive0065
- GRACEFUL SPIDER
- GOLD TAHOE
- Dudear
- CHIMBORAZO
Targeted sectors
- The finance sector
- The energy sector
- Pharmaceuticals
- Aerospace industry
- State sector
- Research companies