Broadening Horizons: TA453's New Approaches in Cyber Operations
- Actor Motivations: Espionage, Exfiltration
- Attack Vectors: Backdoor, Spear Phishing
- Attack Complexity: Medium
- Threat Risk: Low Impact/High Probability
Since late 2020, threat actor TA453 has exhibited a shift in targeting and tactics. Previously targeting academics, diplomats, and journalists among others, TA453 has expanded to target medical researchers, aerospace engineers, realtors, and travel agencies. New tactics include the use of compromised accounts, malware, and confrontational lures. Despite this shift, Proofpoint assesses that TA453 operates in support of Iran's IRGC Intelligence Organization, indicating a broadening scope of cyber operations. The operations appear to focus on the US, Israel, and various European countries, targeting sectors like academia, diplomacy, journalism, human rights, and energy.
Case: The Center for Security Studies (CSS)
The Center for Security Studies (CSS) is a center at the Swiss Federal Institute of Technology in Zurich that focuses on Swiss and international security. TA453 has targeted the CSS for abusive purposes.
Case: United States Central Command (Centcom)
The United States Central Command (Centcom) is one of the eleven unified combatant commands of the U.S. Department of Defense. It was established in 1983, taking over the previous responsibilities of the Rapid Deployment Joint Task Force. Its Area of Responsibility includes the Middle East, Central Asia and parts of South Asia. Centcom has been targeted by TA453 as the main target.
Region: Middle East Countries (Verified)
Tip: 9 IOCs related to this threat have been found (1 IP, 6 domains, 0 URLs, 1 email, 1 file hash).
Source: PWC - July 2022
Detection (two cases): a8c062846411d3fb8ceb0b2fe34389c4910a4887cd39552d30e6a03a02f4cc78, office-updates[.]info
Source: Google Threat Analysis Group (TAG) - October 2021
Detection (one case): nco2[.]live
Hint: Overlaps are extracted automatically by examining the IOCs associated with all indexed threats and actors.