Group: TA459

TA459 (Group)
ID: G0062
Aliases: TA459
Contributors: Valerii Marchuk, Cybersecurity Help s.r.o.

TA459 is a threat group believed to operate out of China that has targeted countries including Russia, Belarus, Mongolia, and others.[1]

Alias Descriptions

  • TA459 - [1]

Techniques Used

  • Spearphishing Attachment - TA459 has targeted victims using spearphishing emails with malicious Microsoft Word attachments.[1]
  • PowerShell - TA459 has used PowerShell for execution of a payload.[1]
  • User Execution - TA459 has attempted to get victims to open a malicious Microsoft Word attachment sent via spearphishing.[1]

Software

  • gh0st - TA459 has used a Gh0st variant known as PCrat/Gh0st.[1]