| SYMBOL | COMMON_NAME | aka. SYNONYMS |
According to Proofpoint, TA866 is a newly identified threat actor that distributes malware via email utilizing both commodity and custom tools. While most of the activity observed occurred since October 2022, Proofpoint researchers identified multiple activity clusters since 2019 that overlap with TA866 activity. Most of the activity recently observed by Proofpoint suggests recent campaigns are financially motivated, however assessment of historic related activities suggests a possible, additional espionage objective.
| 2024-10-23
⋅
Cisco Talos
⋅
Highlighting TA866/Asylum Ambuscade Activity Since 2021 WasabiSeed Cobalt Strike csharp-streamer RAT Resident Rhadamanthys WarmCookie |
| 2023-06-15
⋅
eSentire
⋅
eSentire Threat Intelligence Malware Analysis: Resident Campaign Cobalt Strike Resident Rhadamanthys WarmCookie |
| 2023-02-08
⋅
Proofpoint
⋅
Screentime: Sometimes It Feels Like Somebody's Watching Me WasabiSeed TA866 |