SYMBOL | COMMON_NAME | aka. SYNONYMS |
TA571 is a spam distributor actor known for delivering a variety of malware, including DarkGate, NetSupport RAT, and information stealers. They use phishing emails with macro-enabled attachments to spread malicious PDFs containing rogue OneDrive links. TA571 has been observed using unique filtering techniques with intermediary "gates" to target specific users and bypass automated sandboxing. Proofpoint assesses with high confidence that TA571 infections can lead to ransomware.
There are currently no families associated with this actor.
2024-06-17
⋅
Proofpoint
⋅
From Clipboard to Compromise: A PowerShell Self-Pwn DarkGate HijackLoader Lumma Stealer Matanbuchus NetSupportManager RAT TA571 |
2023-10-30
⋅
Proofpoint
⋅
Security Brief: TA571 Delivers IcedID Forked Loader PHOTOFORK TA571 |