TA 505 – Global Ransomware Criminals
Prevailion’s Tailored Intelligence Team has continued to follow an evolving threat actor group dubbed TA505 - a known cyber criminal organization that has likely been active since at least 2017, whose motives are speculated to be financial in nature. This group has been known to infect victims through business email compromise. Once a victim’s system is initially compromised, TA505 has been observed utilizing a wide variety of commercially available and custom remote access trojans. Upon gaining access, with a trojan in the network, they have been observed stealing sensitive financial data...