TA4557

Malware updated 4 months ago (2024-05-04T19:18:28.380Z)
TA4557 is a financially motivated threat actor tracked by Proofpoint. This page files it under "Malware", but the identifier names the group, not a program; the malware it deploys is the More_Eggs backdoor. Proofpoint treats TA4557 as a distinct cluster on the basis of its tooling, campaign targeting, evasion measures and the infrastructure it controls.

The group's hallmark is a spear-phishing pretext in which the actor poses as a job applicant. Proofpoint had previously seen TA4557 submit applications containing malicious links through job sites; the direct email campaigns are a more recent move. In campaigns observed in early November 2023 the attack begins with an innocuous email. In a follow-up response, rather than sending the URL of the supposed CV or portfolio website directly, the actor tells the recipient to look at the domain name of the sender's email address and visit that site. Because no link ever appears in the thread, secure email gateways and other URL-centric email defenses have little to inspect, and the recruiter is drawn to an attacker-controlled website by their own interest in the candidate.

The chain ends with deployment of More_Eggs, which abuses legitimate software functions already present on the host to establish a backdoor and gather information about the victim's system. Attribution beyond the cluster name is difficult because More_Eggs is also used by other groups, including FIN6, Cobalt Group and Evilnum, so overlapping activity cannot always be separated cleanly. The lure is aimed at recruiters and hiring managers, including those the actor reaches on LinkedIn, who are expected to open candidate material as part of their job.
Description last updated: 2024-05-04T18:19:31.773Z
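The lure described above leaves nothing for a URL filter to rewrite: the "link" is the sender's own email domain, stated in words. The following Python is an added example for this page, not Proofpoint's detection logic or any tool of theirs. It triages inbound applicant email in RFC 5322 form (as a gateway quarantine export might provide it) and flags three things: candidate material offered via wording that points at the sender's email domain with no URL in the body, the sender's domain written in the body as plain text rather than as a link, and archive or shortcut attachments. The phrase patterns, the attachment extensions and both sample messages (domains, names, subjects) are constructed assumptions for the example.

```python
"""Heuristic triage for the TA4557-style "refer to my email domain" lure.

Added example. Assumes inbound applicant mail is available as RFC 5322 text.
Phrase lists, extension list and sample messages are constructed for this
example; none of it is taken from Proofpoint's reporting.
"""
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from typing import List, Optional

# Any explicit link. The lure's point is that there is none to scan or rewrite.
URL_RE = re.compile(r"https?://|www\.", re.IGNORECASE)
# Wording that sends the reader to the sender's own domain instead of naming a site (assumed phrasing).
DOMAIN_HINT_RE = re.compile(
    r"\bdomain( name)? (of|in) (my|the|this|our) (e-?mail|sender)", re.IGNORECASE
)
# Candidate material a recruiter is expected to want to open.
PORTFOLIO_RE = re.compile(r"\b(portfolio|resume|r\u00e9sum\u00e9|cv|work samples?)\b", re.IGNORECASE)
# Container and shortcut types that hide the real payload (assumed list for this example).
SUSPICIOUS_EXT = (".zip", ".lnk", ".iso", ".img", ".rar", ".7z")


def sender_domain(msg: EmailMessage) -> str:
    """Domain part of the From: address, lower-cased; '' if it cannot be parsed."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def body_text(msg: EmailMessage) -> str:
    """Concatenate inline text/plain parts, skipping attachments."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and part.get_content_disposition() != "attachment":
            chunks.append(part.get_content())
    return "\n".join(chunks)


def triage(raw: str) -> List[str]:
    """Return the reasons a message matches the lure; an empty list means nothing was flagged."""
    msg = message_from_string(raw, policy=policy.default)
    text = body_text(msg)
    has_url = bool(URL_RE.search(text))
    reasons = []

    # Core lure: portfolio/CV offered, reader pointed at the sender's domain, no link anywhere.
    if PORTFOLIO_RE.search(text) and DOMAIN_HINT_RE.search(text) and not has_url:
        reasons.append("portfolio/CV offered via the sender's email domain, no URL in body")

    # Variant: the domain is spelled out in plain text so it is never a clickable link.
    domain = sender_domain(msg)
    if domain and not has_url and re.search(r"\b" + re.escape(domain) + r"\b", text, re.IGNORECASE):
        reasons.append(f"sender domain {domain} written in body as a site to visit, not as a link")

    # Archives and shortcuts are the usual wrapper for the actual payload.
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(SUSPICIOUS_EXT):
            reasons.append(f"archive/shortcut attachment {name}")
    return reasons


def build_sample(from_addr: str, subject: str, body: str, attachment: Optional[str] = None) -> str:
    """Construct a sample message as RFC 5322 text (test data for this example only)."""
    msg = EmailMessage()
    msg["From"] = from_addr
    msg["To"] = "recruiting@example.com"
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment:
        # Placeholder ZIP magic bytes, not a real archive.
        msg.add_attachment(b"PK\x03\x04", maintype="application", subtype="zip", filename=attachment)
    return msg.as_string()


# Constructed samples: a lure in the style described on this page, and a benign application.
LURE_EMAIL = build_sample(
    "Jane Doe <jane@jdoe-portfolio.example>",
    "Re: Senior Developer role",
    "Thanks for getting back to me. My portfolio and CV are on my personal site;\n"
    "please refer to the domain name of my email address to reach it.\n",
    attachment="portfolio.zip",
)
BENIGN_EMAIL = build_sample(
    "Sam Roe <sam.roe@mail.example>",
    "Application: Senior Developer",
    "Hello, please find my CV at https://www.example.org/sam-roe/cv and let me know\n"
    "if you need anything else.\n",
)

if __name__ == "__main__":
    for label, raw in (("lure", LURE_EMAIL), ("benign", BENIGN_EMAIL)):
        print(label, triage(raw) or ["no findings"])
```

The point of the first check is the negative condition: a message that talks about a portfolio and mentions the sender's email domain while containing no URL is exactly the shape that slips past link-based controls, so the absence of a link is itself the signal. In a real deployment the reasons would feed a score alongside sender reputation and domain age rather than block on their own, since a genuine applicant can also write "see my site".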
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID (votes): Profile description

More_eggs (2 votes): More_eggs, also known as Golden Chickens, is a malware suite utilized by financially motivated cybercrime actors such as Cobalt Group and FIN6. This malware-as-a-service (MaaS) offering has been identified as the "cyber weapon of choice" by Russia-based cyber gangs. It was first seen in email campai

FIN6 (2 votes): FIN6, also known as ITG08, Skeleton Spider, and MageCart, is a notorious threat actor that has been implicated in various cybercrime activities. The group gained notoriety for stealing credit cards through point-of-sale (POS) systems in retail and hospitality establishments, most notably in the Home
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Proofpoint
Source Document References
Information about TA4557 was read from the documents listed below (source, age at time of indexing, title).

CERT-EU (9 months ago): Recruiters, beware of cybercrooks posing as job applicants!
CERT-EU (9 months ago): Hiring? New scam campaign means 'resume' downloads may contain malware
CERT-EU (9 months ago): Fake Resumes, Real Malware: TA4557 Exploits Recruiters for Backdoor Access
CERT-EU (9 months ago): Proofpoint Exposes Sophisticated Social Engineering Attack on Recruiters That Infects Their Computers With Malware
CERT-EU (9 months ago): Recruiters, beware of cybercrooks posing as job applicants! - Help Net Security
CERT-EU (9 months ago): TA4557 Targets Recruiters Directly via Email - Global Security Mag Online
InfoSecurity-magazine (9 months ago): Threat Actor Targets Recruiters With Malware