Teamspy

Threat Actor Profile Updated 2 months ago
Download STIX
Preview STIX
TeamSpy is a threat actor group known for executing actions with malicious intent. They've gained notoriety for their use of sophisticated malware, notably targeting users through a malicious TeamViewer app, as reported in various sources. This group has been active since at least 2012, with their activities peaking during 2012 and 2013. During this time, they deployed plugins that showed striking similarities to the tools used by another threat group, IRON LYRIC. A key development in understanding TeamSpy's activities came in 2018 when Karagany malware was compiled. The plugins deployed by this malware contained links and similarities to the tools previously used by TeamSpy, suggesting a shared codebase between TeamSpy (also known as IRON LYRIC) and IRON LIBERTY. These findings led CTU researchers to track IRON LYRIC as a distinct threat group, further highlighting the complex web of connections within the cyber threat landscape. In 2013, a third-party report on the TeamSpy group described a keylogger that bore resemblance to samples analyzed by CTU researchers in 2018. This indicates a consistent pattern in TeamSpy's tactics over the years, reinforcing their reliance on similar techniques for their malicious campaigns. As such, it is imperative to understand and monitor the evolving strategies of groups like TeamSpy to effectively counteract their threats and safeguard digital assets.
What's your take? (Question 1 of 1)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
IRON LIBERTYUnspecified
1
Iron Liberty is a threat actor group that has been active since at least 2010, as per the timeline of activity observed by CTU researchers. The group specializes in cyber espionage and has been particularly focused on targeting Industrial Control Systems (ICS) companies within the energy sector. Iro
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Teamspy Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
MITRE
a year ago
Resurgent Iron Liberty Targeting Energy Sector
CERT-EU
a year ago
Fake TeamViewer Installer Used to Deliver njRAT Malware
MITRE
a year ago
Updated Karagany Malware Targets Energy Sector
CERT-EU
10 months ago
Storm-0324 Exploits MS Teams Chats to Facilitate Ransomware Attacks