Tac5279

Threat Actor updated a month ago (2024-09-24T09:00:54.394Z)
TAC5279 is a potent malware, designed to exploit and damage computer systems. This malicious software is known to infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, TAC5279 can steal personal information, disrupt operations, or hold data hostage for ransom.

The threat group associated with this malware, the TAC5279 affiliate group, is particularly active and poses a significant risk to organizations across multiple sectors and regions. Notably, those in the education and healthcare sectors have been identified as particularly vulnerable.

The TAC5279 affiliate group has recently transitioned from deploying the Vice Society malware to using the Rhysida ransomware variant. Despite this shift, the group continues to employ many of the same tactics in its attacks on organizations. A review of leak site posts between January 2022 and October 2023 shows an overlap in the use of Vice Society and Rhysida during late June and early July. This suggests that the group was testing the efficacy of Rhysida while still deploying Vice Society.

Sophos Rapid Response and Managed Detection and Response (MDR) cases have provided further insights into the tactics, techniques, and procedures (TTPs) commonly used by TAC5279. It is crucial for organizations, especially those in the education and healthcare sectors, to be aware of these TTPs and take necessary precautions. In this evolving threat landscape, staying updated about such changes in malware deployment is essential to safeguard sensitive data and maintain operational integrity.
Description last updated: 2024-05-05T11:12:05.215Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Source Document References
Information about the Tac5279 Threat Actor was read from the documents corpus below.
Source: CERT-EU (created a year ago)