Ta4557

Malware updated a month ago (2024-11-29T14:09:18.327Z)

Download STIX

Preview STIX

TA4557 is a malicious software (malware) that has been uniquely identified by cybersecurity firm Proofpoint due to its distinctive use of tools, campaign targeting, evasion measures, and controlled infrastructure. This malware is particularly notable for its sophisticated spear-phishing strategy, where the threat actor poses as a job applicant to targeted companies. In campaigns observed in early November 2023, TA4557 would ask recipients to refer to the domain name of their email address to access the supposed portfolio, rather than sending the CV website URL directly in a follow-up response. This method is a deviation from traditional direct email attacks, making it harder to detect. The attack commences with an innocuous email and culminates in the deployment of the malware. The malware used by TA4557, known as More_Eggs, hijacks legitimate software functions to establish a backdoor and gather more information about the victim's system. It's worth noting that the exact identity of TA4557 remains elusive due to overlaps in activity with other groups using More_Eggs, such as FIN6, Cobalt Group, and Evilnum. TA4557 employs advanced techniques to bypass common endpoint security measures like secure email gateways. The group lures job recruiters to attacker-controlled websites, exploiting their interest in potential candidates. Previously, Proofpoint had seen TA4557 submit applications containing malicious links through job sites, with the direct email spear-phishing campaign being the group's latest move. This financially motivated threat actor primarily targets recruiters on LinkedIn, distributing the More_Eggs backdoor for nefarious purposes.

Description last updated: 2024-05-04T18:19:31.773Z

What's your take? (Question 1 of 3)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
More_eggs is a possible alias for Ta4557. More_eggs, also known as Golden Chickens, is a dangerous malware suite used by financially-motivated cybercrime actors such as the Cobalt Group and FIN6. This malicious software is designed to infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge, a	2
FIN6 is a possible alias for Ta4557. FIN6, also known as ITG08, Skelaton Spider, and MageCart, is a notorious threat actor group associated with significant cyber-attacks. The group initially gained notoriety for successfully stealing credit cards through point of sale (POS) systems in retail and hospitality establishments, notably cau	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Backdoor

Proofpoint

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Ta4557 Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	a year ago	Recruiters, beware of cybercrooks posing as job applicants!
CERT-EU	a year ago	Hiring? New scam campaign means ‘resume’ downloads may contain malware
CERT-EU	a year ago	Fake Resumes, Real Malware: TA4557 Exploits Recruiters for Backdoor Access
CERT-EU	a year ago	Proofpoint Exposes Sophisticated Social Engineering Attack on Recruiters That Infects Their Computers With Malware
CERT-EU	a year ago	Recruiters, beware of cybercrooks posing as job applicants! - Help Net Security
CERT-EU	a year ago	TA4557 Targets Recruiters Directly via Email – Global Security Mag Online
InfoSecurity-magazine	a year ago	Threat Actor Targets Recruiters With Malware