Map of TA505 Activity Shows Global Foothold After Necurs Botnet Goes Dark
Just shy of a week after Microsoft squeezed cyber criminals out of the prolific Necurs botnet infrastructure, threat actors like TA505 still maintain a foothold on networks throughout the world.
Findings from Prevailion’s compromise intelligence platform on Wednesday showed the IP addresses TA505 have actively infected around the globe.
Prevailion’s Chief Data Scientist Nate Winslow shared a map of this activity, along with his insight of the findings, on LinkedIn today.
“Cyber crime is not slowing down because of COVID-19. The TA505 group is a prime example we see in our data. If you are not familiar with TA505, they are a financially motivated advanced threat actor with a global reach (see graphic). They have malware in hospitals, banks, and schools. They are NOT good people and they have solid technical skills.”
TA505, also known as Evil Corp, has diversified their attacks on global businesses, incorporating a variety of schemes. One recently uncovered by Prevailion’s Tailored Intelligence team shows how they used trojanized resumes to compromise unsuspecting German businesses. Read the team’s full report to learn more about this attack, and how to protect your organization from becoming a victim.
Anyone can get visibility of compromises like this by trying Prevailion for free today.
Introduction: Prevailion’s Adversarial Counterintelligence Team (PACT) is using advanced infrastructure hunting techniques and Prevailion’s unparalleled visibility into threat actor infrastructure creation to uncover previously unknown domains associated with UNC1151 and the “Ghostwriter” influence campaign. UNC1151 is likely a state-backed threat actor [1] waging an ongoing and far-reaching influence campaign that has targeted numerous countries across […]
Prevailion CEO, Karim Hijazi, comments on lacking White House cybersecurity efforts Karim Hijazi lays out why Biden’s cybersecurity strategy lacks innovation and effectiveness to deal with modern adversaries already inside companies around the globe.
Prevailion CEO, Karim Hijazi, talks about the T-Mobile hack and cloned SIM cards Karim Hijazi says T-Mobile’s breach is the largest in carrier history and discusses SIM swapping and other forms of identity theft.