Decrypt LOL

TA397 Targets Turkish Defense Sector with Malware Attack

🦅 APT TA397 Targets Turkish Defense Sector with Sophisticated Malware Attack. Proofpoint has reported that the advanced persistent threat group TA397 executed a targeted attack on a Turkish defense organization, using a spearphishing email that contained a RAR archive with a decoy PDF about Madagascar’s infrastructure projects. The attack employed alternate data streams to deliver a shortcut file that created a scheduled task on the victim’s machine, ultimately deploying WmRAT and MiyaRAT malware for intelligence gathering. This campaign is believed to support the interests of a South Asian government, highlighting TA397’s ongoing focus on espionage against defense and public sector entities in the EMEA and APAC regions. The analysis provides insights into TA397’s tactics, techniques, and procedures, aiding in the defense against such intrusions.
