
TA571


TA571 is a spam distributor actor known for delivering a variety of malware, including DarkGate, NetSupport RAT, and information stealers. They use phishing emails with macro-enabled attachments to spread malicious PDFs containing rogue OneDrive links. TA571 has been observed using unique filtering techniques with intermediary "gates" to target specific users and bypass automated sandboxing. Proofpoint assesses with high confidence that TA571 infections can lead to ransomware.


Associated Families

There are currently no families associated with this actor.


References
2024-06-17 | Proofpoint | Proofpoint
From Clipboard to Compromise: A PowerShell Self-Pwn
DarkGate, HijackLoader, Lumma Stealer, Matanbuchus, NetSupportManager RAT, TA571

2023-10-30 | Proofpoint | Axel F, Selena Larson
Security Brief: TA571 Delivers IcedID Forked Loader
PHOTOFORK, TA571

Credits: MISP Project