ITG08 is a notable threat actor in the cybersecurity landscape, known for its malicious activities and strategic partnerships with other threat actors. The group has been linked to a series of attacks through tactics, techniques, and procedures (TTPs) consistent with its known modus operandi. While these TTPs alone are not sufficient to attribute all activity to ITG08, they align closely with the group's known actions. X-Force IRIS, an incident response and intelligence service, has encountered these TTPs in several attacks that were attributed to ITG08.
The group's partnership with the TrickBot gang exemplifies its strategic approach to cybercrime. This collaboration provides ITG08 with new malware tools and potential access to enterprises infected with the TrickBot Trojan, and it is further evidence of the group's strategy to partner with other threat actors and malware developers. The use of TrickBot's Anchor malware framework by ITG08 demonstrates the group's adaptability and its commitment to adopting new malware to maintain its illicit activities.
Moreover, ITG08 has been identified using a backdoor known as "More_eggs," according to past analysis by X-Force IRIS. This further underscores the group's persistent efforts to exploit vulnerabilities and infiltrate systems. In summary, ITG08 represents a significant threat to cybersecurity due to its sophisticated tactics, strategic partnerships, and constant evolution of malware usage.
Description last updated: 2023-10-11T00:09:03.449Z