Managed Detection and Response
APTs TA410 Targeting the Utilities Sector
August 13, 2020 | 1 min read
BlueVoyant
“Life in the SOC” is a Blog Series that shares experiences of the BlueVoyant SOC defending against the current and prevalent attacks encountered by our clients. The blogs discuss successful detection, response and mitigation actions that can improve your defensive capabilities.
TA410 is a cyberespionage threat group. According to researchers at Proofpoint, the group added a modular RAT (Remote Access Trojan) to its toolset and deployed it against the U.S. utilities sector. In Proofpoint’s profile of a 2019 campaign, TA410 was also observed targeting utilities with this previously undiscovered RAT. Utilities were also targeted by LookBack malware at roughly the same time, over the second half of 2019.
The newly identified modular FlowCloud RAT is capable of accessing device applications and controlling services and processes on an infected computer. It also exfiltrates data via its command-and-control server. Both FlowCloud and LookBack were delivered via malicious documents with embedded macros.
Additionally, there are similarities in the infrastructure and tactics used by the two pieces of malware. While there is some overlap between the indicators of this TA410 campaign and those from campaigns associated with Stone Panda (aka APT10, TA429), Proofpoint is hesitant to link the two, since Stone Panda’s TTPs are widely circulated and TA410 may be employing them as false flag operations.
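Since both FlowCloud and LookBack arrived as documents carrying embedded macros, a practical first-line control is to flag any Office attachment that contains a VBA project before it reaches a user. The following script is an added example written for this post; it is not BlueVoyant or Proofpoint code and makes no claim about the actual documents used in the campaign. It inspects modern OOXML files (.docm, .xlsm and similar, which are ZIP containers) for a `vbaProject.bin` part or a macro-enabled content type, and builds a constructed sample document in memory so it can be run offline. Legacy binary formats (.doc, .xls) are OLE compound files; the example only recognises their signature and routes them to deeper inspection, which in practice would be done with a full OLE parser such as oletools.

```python
import io
import re
import zipfile

# OLE compound-file signature used by legacy .doc/.xls files (D0 CF 11 E0 A1 B1 1A E1).
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"

# Part name that holds the VBA project inside an OOXML package.
VBA_PART = re.compile(r"vbaProject\.bin$", re.IGNORECASE)

# Content-type strings that only appear in macro-enabled packages.
MACRO_CONTENT_TYPES = (
    "application/vnd.ms-office.vbaProject",
    "macroEnabled",
)


def inspect_ooxml(data: bytes) -> dict:
    """Return findings for an OOXML (ZIP-based) Office document.

    Keys: is_ooxml, has_vba_part, macro_enabled_type, parts (matching part names).
    A non-ZIP or non-OOXML input yields is_ooxml=False and no other flags set.
    """
    findings = {"is_ooxml": False, "has_vba_part": False,
                "macro_enabled_type": False, "parts": []}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    with archive:
        names = archive.namelist()
        # Every OOXML package carries a content-types manifest at the root.
        if "[Content_Types].xml" not in names:
            return findings
        findings["is_ooxml"] = True
        findings["parts"] = [n for n in names if VBA_PART.search(n)]
        findings["has_vba_part"] = bool(findings["parts"])
        manifest = archive.read("[Content_Types].xml").decode("utf-8", "replace")
        findings["macro_enabled_type"] = any(t in manifest for t in MACRO_CONTENT_TYPES)
    return findings


def is_legacy_ole(data: bytes) -> bool:
    """True when the file is an OLE compound document (legacy .doc/.xls).

    Macros in these files live in a 'Macros'/'VBA' storage that needs a real OLE
    parser to enumerate, so such files are sent for deeper inspection rather than
    judged here.
    """
    return data[:8] == OLE_MAGIC


def triage_attachment(data: bytes) -> str:
    """Classify an attachment as 'quarantine', 'inspect-ole' or 'allow'."""
    if is_legacy_ole(data):
        return "inspect-ole"
    f = inspect_ooxml(data)
    if f["has_vba_part"] or f["macro_enabled_type"]:
        return "quarantine"
    return "allow"


def build_sample_docm(with_macro: bool) -> bytes:
    """Constructed sample: a minimal Word package, with or without a VBA project.

    This is test data built here for the example, not a real malicious document.
    """
    if with_macro:
        main_type = "application/vnd.ms-word.document.macroEnabled.main+xml"
        vba_override = ('<Override PartName="/word/vbaProject.bin" '
                        'ContentType="application/vnd.ms-office.vbaProject"/>')
    else:
        main_type = ("application/vnd.openxmlformats-officedocument"
                     ".wordprocessingml.document.main+xml")
        vba_override = ""
    manifest = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="xml" ContentType="application/xml"/>'
        f'<Override PartName="/word/document.xml" ContentType="{main_type}"/>'
        f"{vba_override}</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", manifest)
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00" * 64)  # placeholder bytes
    return buf.getvalue()


if __name__ == "__main__":
    for label, sample in (("macro document", build_sample_docm(True)),
                          ("clean document", build_sample_docm(False)),
                          ("legacy OLE header", OLE_MAGIC + b"\x00" * 8)):
        print(f"{label}: {triage_attachment(sample)}")
```

The check keys on structure rather than file extension, so renaming a `.docm` to `.docx` does not evade it; the two signals (VBA part present, macro-enabled content type) are evaluated independently because a package can be tampered with to drop one while keeping the other.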