Tac5279

Malware Profile Updated 2 months ago
TAC5279 is a potent malware family designed to exploit and damage computer systems. It typically infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, TAC5279 can steal personal information, disrupt operations, or hold data hostage for ransom. The threat group associated with this malware, the TAC5279 affiliate group, is particularly active and poses a significant risk to organizations across multiple sectors and regions; the education and healthcare sectors have been identified as particularly vulnerable. The TAC5279 affiliate group has recently transitioned from deploying the Vice Society malware to the Rhysida ransomware variant, but continues to employ many of the same tactics in its attacks on organizations. A review of leak site posts between January 2022 and October 2023 shows overlapping use of Vice Society and Rhysida during late June and early July, which suggests the group was testing the efficacy of Rhysida while still deploying Vice Society. Sophos Rapid Response and Managed Detection and Response (MDR) cases have provided further insight into the tactics, techniques, and procedures (TTPs) commonly used by TAC5279. Organizations, especially those in the education and healthcare sectors, should be aware of these TTPs and take the necessary precautions; in this evolving threat landscape, staying informed about such shifts in malware deployment is essential to safeguarding sensitive data and maintaining operational integrity.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Vanilla Tempest | 1 | None
Vice Society | 1 | Vice Society, a threat actor group known for its malicious activities, has been linked to a series of ransomware attacks targeting various sectors, most notably education and healthcare. Throughout 2022 and the first half of 2023, Vice Society, along with Royal Ransomware, were actively executing mu
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Lateral Move...
Malware
Vpn
Associated Malware
ID | Type | Votes | Profile Description
SystemBC | Unspecified | 1 | SystemBC is a malicious software (malware) that has been used in various cyber attacks to exploit and damage computer systems. This malware was observed in 2023, being heavily used with BlackBasta and Quicksand. It has been deployed by teams using BlackBasta during their attacks. Play ransomware act
Rhysida Ransomware | Unspecified | 1 | Rhysida Ransomware is a type of malware that has been causing significant disruptions globally. The malicious software, designed to exploit and damage computer systems, infiltrates through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, it can ste
Associated Threat Actors
ID | Type | Votes | Profile Description
Rhysida | Unspecified | 1 | Rhysida, a ransomware-as-a-service (RaaS) group, emerged as a significant threat actor in May 2023. Initially targeting Windows, it later expanded its operations to Linux systems. The group is known for its distinct attack methodology that involves defense evasion, exfiltration of data for ransom, a
Associated Vulnerabilities
ID | Type | Votes | Profile Description
Zerologon | Unspecified | 1 | Zerologon is a critical vulnerability (CVE-2020-1472) found within Microsoft's Netlogon Remote Protocol, impacting all versions of Windows Server OS from 2008 onwards. This flaw in software design or implementation allows attackers to bypass authentication mechanisms and change computer passwords wi
Source Document References
Information about the TAC5279 malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 8 months ago | Same threats, different ransomware