Threats Feed | TA453 | Last Updated: 17/01/2024 | Author: Certfa Radar | Publish Date: 14/12/2022

Broadening Horizons: TA453's New Approaches in Cyber Operations

  • Actor Motivations: Espionage, Exfiltration
  • Attack Vectors: Backdoor, Spear Phishing
  • Attack Complexity: Medium
  • Threat Risk: Low Impact/High Probability

Threat Overview

Since late 2020, threat actor TA453 has exhibited a shift in targeting and tactics. Previously targeting academics, diplomats, and journalists among others, TA453 has expanded to target medical researchers, aerospace engineers, realtors, and travel agencies. New tactics include the use of compromised accounts, malware, and confrontational lures. Despite this shift, Proofpoint assesses that TA453 operates in support of Iran's IRGC Intelligence Organization, indicating a broadening scope of cyber operations. The operations appear to focus on the US, Israel, and various European countries, targeting sectors like academia, diplomacy, journalism, human rights, and energy.

Detected Targets

| Type | Description | Confidence |
|---|---|---|
| Case | The Center for Security Studies (CSS): The Center for Security Studies is a center at the Swiss Federal Institute of Technology in Zurich, which focuses on Swiss and international security. The Center for Security Studies (CSS) has been targeted by TA453 for abusive purposes. | Verified |
| Case | United States Central Command (Centcom): The United States Central Command is one of the eleven unified combatant commands of the U.S. Department of Defense. It was established in 1983, taking over the previous responsibilities of the Rapid Deployment Joint Task Force. Its Area of Responsibility includes the Middle East, Central Asia and parts of South Asia. United States Central Command (Centcom) has been targeted by TA453 as the main target. | Medium |
| Sector | Human Rights | Medium |
| Sector | Medical | Verified |
| Sector | Military | Verified |
| Sector | Real Estate | Verified |
| Sector | Aerospace | Verified |
| Sector | Energy | Verified |
| Sector | Political | Verified |
| Sector | Researchers | Verified |
| Sector | Tourism | Verified |
| Region | Iran | Verified |
| Region | Israel | Verified |
| Region | United States | Verified |
| Region | Middle East Countries | Verified |
| Region | European Countries | Verified |

Extracted IOCs


Tip: 9 IOCs related to this threat have been found (1 IP, 6 domains, 0 URLs, 1 email, 1 file hash).

Overlaps

APT42: APT42's Multi-National Cyber Operations: A Focus on Surveillance and Espionage

Source: Cyware - October 2022

Detection (one case): a8c062846411d3fb8ceb0b2fe34389c4910a4887cd39552d30e6a03a02f4cc78

APT42: APT42: Uncovering the Iranian Cyber Espionage Operations and Global Targets

Source: Mandiant - September 2022

Detection (one case): a8c062846411d3fb8ceb0b2fe34389c4910a4887cd39552d30e6a03a02f4cc78

Yellow Garuda: Yellow Garuda's New Arsenal: Telegram 'Grabber' Tool and Android Malware in Focus

Source: PWC - July 2022

Detection (two cases): a8c062846411d3fb8ceb0b2fe34389c4910a4887cd39552d30e6a03a02f4cc78, office-updates[.]info

APT35: APT35 Cyber Espionage: From Phishing to Spyware and Beyond

Source: Google Threat Analysis Group (TAG) - October 2021

Detection (one case): nco2[.]live

Hint: Overlaps are extracted automatically by examining the IOCs associated with all indexed threats and actors.