Cyber-crime group TA505 using legitimate remote administration tool to target organisations

Security researchers have uncovered how TA505, a cyber-crime group composed of Russian-speaking members, has been leveraging a legitimate remote administration tool called ‘Remote Manipulator System’ to target major retailers and financial organisations in the United States, Chile, India, Italy, Malawi, Pakistan, and South Korea. They noted that TA505 and some other cyber-crime groups have been trying to gain access to systems containing valuable data by using legitimate remote access tools that enable them to conduct reconnaissance and lateral movement within a victim network. In many cases, the initial payload is the legitimate ‘Remote Manipulator System’ tool itself, along with supporting shell scripts (BAT) and configuration files.

According to CyberInt researchers, the tool was used to target several retailers in the United States in November last year and was used again to target financial organisations in Chile, India, Italy, Malawi, Pakistan and South Korea, with some organisations in China, Great Britain, France and the United States also reporting similar attacks.
