Threats Feed | TA456 | Last Updated: 25/07/2024 | Author: Certfa Radar | Publish Date: 28/07/2021

TA456's Advanced Espionage Tactics Against Defense Contractors Using LEMPO Malware

  • Actor Motivations: Espionage, Exfiltration
  • Attack Vectors: Dropper, Malicious Macro, Malware, Honey Trap, Spear Phishing
  • Attack Complexity: Medium
  • Threat Risk: Low Impact/High Probability

Threat Overview

The report from Proofpoint outlines a complex social engineering and malware campaign that appears to have been conducted by an actor aligned with the Iranian state, believed to be TA456. Over several years, TA456 used a fake social media persona, "Marcella Flores," to build a relationship with an employee of an aerospace defense contractor. The aim was to infect the target's computer with the LEMPO malware, designed for reconnaissance and data exfiltration. This campaign serves to illustrate TA456's persistence and advanced social engineering tactics, targeting smaller contractors with the ultimate goal of eventually compromising larger defense firms.

Detected Targets

Type      Description   Confidence
Sector    Defense       Verified
Sector    Aerospace     Verified

Extracted IOCs

  • marcellaflores39@gmail[.]com
  • 1534f95f49ddf2ada38561705f901e5938470c1678d6a81f0f4177ba7412ef5b
  • 612bdfb4f6eaf920a7a41fa06de8d99f6ecf6ad147374efa6eb1d5aff91df558
  • da65aa439e90d21b2cf53afef6491e7dcdca19dd1bbec50329d53f3d977ee089
  • dfddbd09ccea598c4841f1abbc927f1c661d85d4bd9bcb081f7c811212d8a64a

Tip: 5 IOCs related to this threat have been found (0 IP, 0 domain, 0 URL, 1 email, 4 file hash).

About Affiliation
TA456
The group has been active since at least July 2018.