TA402

Also known as: TA402

Origin: PS
Known aliases: 1

Profile

TA402 is an APT group that has been tracked by Proofpoint since 2020. They primarily target government entities in the Middle East and North Africa, with a focus on intelligence collection. TA402 is known for using sophisticated phishing campaigns and constantly updating their malware implants and delivery methods to evade detection. They have been observed using cloud services like Dropbox and Google Drive for hosting malicious payloads and command-and-control infrastructure.

Aliases · 1

TA402

Compliance frameworks testing this (incoming) · 6

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| ComplianceControl | tiber_eu-generic | 100% | live |
| ComplianceControl | cra-art14 | 100% | live |
| ComplianceControl | iso27701-a.8.2.1 | 100% | live |
| ComplianceControl | pci_dss_v4-r12 | 100% | live |
| ComplianceControl | ai_act-art9 | 100% | live |
| ComplianceControl | ai_act-art14 | 100% | live |

References

  1. https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
  2. https://www.proofpoint.com/us/blog/threat-insight/ugg-boots-4-sale-tale-palestinian-aligned-espionage

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - Actor: TA482
  - Actor: TA406
  - Actor: APT42
  - Actor: TAG-140
  - Actor: APT.3102
  - Actor: APT41

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.