Ta4557

Malware updated 6 months ago (2024-05-04T19:18:28.380Z)
Download STIX
Preview STIX
TA4557 is a malicious software (malware) that has been uniquely identified by cybersecurity firm Proofpoint due to its distinctive use of tools, campaign targeting, evasion measures, and controlled infrastructure. This malware is particularly notable for its sophisticated spear-phishing strategy, where the threat actor poses as a job applicant to targeted companies. In campaigns observed in early November 2023, TA4557 would ask recipients to refer to the domain name of their email address to access the supposed portfolio, rather than sending the CV website URL directly in a follow-up response. This method is a deviation from traditional direct email attacks, making it harder to detect. The attack commences with an innocuous email and culminates in the deployment of the malware. The malware used by TA4557, known as More_Eggs, hijacks legitimate software functions to establish a backdoor and gather more information about the victim's system. It's worth noting that the exact identity of TA4557 remains elusive due to overlaps in activity with other groups using More_Eggs, such as FIN6, Cobalt Group, and Evilnum. TA4557 employs advanced techniques to bypass common endpoint security measures like secure email gateways. The group lures job recruiters to attacker-controlled websites, exploiting their interest in potential candidates. Previously, Proofpoint had seen TA4557 submit applications containing malicious links through job sites, with the direct email spear-phishing campaign being the group's latest move. This financially motivated threat actor primarily targets recruiters on LinkedIn, distributing the More_Eggs backdoor for nefarious purposes.
Description last updated: 2024-05-04T18:19:31.773Z
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
More_eggs is a possible alias for Ta4557. More_eggs, also known as Golden Chickens, is a dangerous malware suite used by financially-motivated cybercrime actors such as the Cobalt Group and FIN6. This malicious software is designed to infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge, a
2
FIN6 is a possible alias for Ta4557. FIN6, also known as ITG08, Skelaton Spider, and MageCart, is a notorious threat actor group associated with significant cyber-attacks. The group initially gained notoriety for successfully stealing credit cards through point of sale (POS) systems in retail and hospitality establishments, notably cau
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Proofpoint
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.