TA402  (Back to overview)

TA402 is an APT group that has been tracked by Proofpoint since 2020. They primarily target government entities in the Middle East and North Africa, with a focus on intelligence collection. TA402 is known for using sophisticated phishing campaigns and constantly updating their malware implants and delivery methods to evade detection. They have been observed using cloud services like Dropbox and Google Drive for hosting malicious payloads and command-and-control infrastructure.

Associated Families

There are currently no families associated with this actor.

2023-11-14ProofpointJoshua Miller
TA402 Uses Complex IronWind Infection Chains to Target Middle East-Based Government Entities
IronWind TA402
2022-02-08ProofpointGeorgi Mladenov, Joshua Miller, Konstantin Klinger
Ugg Boots 4 Sale: A Tale of Palestinian-Aligned Espionage
BrittleBush NimbleMamba TA402

Credits: MISP Project