According to a research conducted by Proofpoint, cybersecurity researchers have been targeting the servers operating in aerospace and defense sector with a Trojan malware and the hacking group behind the incident has been dubbed as TA2541.
Interestingly, the malware campaign has been active since 2017 and compromised over 1100 organizations operating across North America, Europe and the Middle East.
Researchers have discovered that the TA2541 has been using the same attack themes from years and is broadly known to steal sensitive information from compromised machines and to carry out espionage.
Proofpoint claims that the said group of threat actors is suspected to be operating from Nigeria and is apparently being funded by two Asian nations.
The distribution of the malware is being done through phishing emails laced with a malicious Microsoft Word Document that is customized to deliver remote access tools (RAT).
TA2541 is seen purchasing malware tools from forums and AsyncRAT, NetWire, WSH RAR and Parallax seem to be their hot favorites.
Cisco Talos that conducted a separate research on this malware distribution claims that the hacking group has been targeting the aerospace industry for 5 years through email phishing campaigns and is being funded by those running ransomware gangs.
Whatās most interesting about this hacking group is the fact that it has somehow stayed anonymous and has succeeded in distributing and deploying malicious campaigns without the rise of too many red flagsā¦..strangeā¦.isnāt it?
