TA570
Also known as: DEV-0450 · TA570
Origin: RU
Known aliases: 2
Profile
TA570 is a Russian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as DEV-0450. Original record: One of the most active Qbot malware affiliates, Proofpoint has tracked the large cybercrime threat actor TA570 since 2018.
Aliases · 2
- DEV-0450
- TA570
Compliance frameworks testing this (incoming) · 8
| Type | Target | Confidence | Tier |
|---|---|---|---|
| ComplianceControl | owasp_api_top10-api10 | 100% | live |
| ComplianceControl | iso27701-a.7.2.1 | 100% | live |
| ComplianceControl | iso27701-a.7.3.6 | 100% | live |
| ComplianceControl | cra-annexi-2 | 100% | live |
| ComplianceControl | tiber_eu-testing | 100% | live |
| ComplianceControl | owasp_llm_top10-llm08 | 100% | live |
| ComplianceControl | ai_act-art9 | 95% | live |
| ComplianceControl | cra-art14 | 95% | live |
References
- https://www.proofpoint.com/us/blog/threat-insight/first-step-initial-access-leads-ransomware
- https://therecord.media/hackers-using-follina-windows-zero-day-to-spread-qbot-malware/
- https://isc.sans.edu/diary/TA570+Qakbot+Qbot+tries+CVE202230190+Follina+exploit+msmsdt/28728
- https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/