Map of TA505 Activity Shows Global Foothold After Necurs Botnet Goes Dark

Image of Prevailion TA505 activity map - March 2019
19 March 2020

Just shy of a week after Microsoft squeezed cyber criminals out of the prolific Necurs botnet infrastructure, threat actors like TA505 still maintain a foothold on networks throughout the world.

Findings from Prevailion’s compromise intelligence platform on Wednesday showed the IP addresses TA505 have actively infected around the globe.

Prevailion’s Chief Data Scientist Nate Winslow shared a map of this activity, along with his insight of the findings, on LinkedIn today.

“Cyber crime is not slowing down because of COVID-19. The TA505 group is a prime example we see in our data. If you are not familiar with TA505, they are a financially motivated advanced threat actor with a global reach (see graphic). They have malware in hospitals, banks, and schools. They are NOT good people and they have solid technical skills.”

TA505, also known as Evil Corp, has diversified their attacks on global businesses, incorporating a variety of schemes. One recently uncovered by Prevailion’s Tailored Intelligence team shows how they used trojanized resumes to compromise unsuspecting German businesses. Read the team’s full report to learn more about this attack, and how to protect your organization from becoming a victim.

Anyone can get visibility of compromises like this by trying Prevailion for free today.

The Latest

IRONSCALES Cyber Security Heroes: The New Cyber Era Post Ukraine Invasion

What Wicked Webs We Un-weave

What Wicked Webs We Un-weave: Wizard Spider once again proving it isn’t you, it isn’t me; we search for things that you can’t see Authored by: Matt Stafford and Sherman Smith Executive summary: In late January 2022, Prevailion’s Adversarial Counterintelligence Team (PACT) identified extensive phishing activity designed to harvest credentials for Naver. Naver is a […]

Prevailion CEO, Karim Hijazi – Cheddar News- Discusses How Russia Is Using Cyberattacks Against Ukraine

Prevailion CEO, Karim Hijazi, discusses why the Russian cyberwarfare is concerning to other nations.

Copyright 2022 Prevailion, Inc. All rights reserved.    

Disclaimer: Gartner “Cool Vendors in Security Operations and Threat Intelligence,” Mitchell Schneider, Ruggero Contu, John Watts, Craig Lawson, October 13, 2020. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner Disclaimer: The GARTNER COOL VENDOR badge is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.