TR

TA482TA482

Also known as: TA482

Origin
TR
Known aliases
1

Profile

Since early 2022, Proofpoint researchers have observed a prolific threat actor, tracked as TA482, regularly engaging in credential harvesting campaigns that target the social media accounts of mostly US-based journalists and media organizations. This victimology, TA482’s use of services originating from Turkey to host its domains and infrastructure, as well as Turkey’s history of leveraging social media to spread pro-President Recep Tayyip Erdogan and pro-Justice and Development Party (Turkey’s ruling party) propaganda support Proofpoint’s assessment that TA482 is aligned with the Turkish state.

Aliases· 1

TA482

Compliance frameworks testing this (incoming)1

TypeTargetConfidenceTier
ComplianceControltiber_eu-closure100%live

References

  1. https://www.proofpoint.com/us/blog/threat-insight/above-fold-and-your-inbox-tracing-state-aligned-activity-targeting-journalists

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
TA402
Actor
TA406
Actor
TA444
Actor
TA584
Actor
TA453
Actor
UTA0352
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.