RU
TA829TA829
Also known as: TA829
Origin
RU
Known aliases
1
Profile
TA829 is a Russia-aligned threat actor that employs the RomCom RAT for intelligence-gathering and financially motivated cyberattacks, exploiting zero-day vulnerabilities in Mozilla Firefox and Microsoft Windows. The group utilizes REM Proxy services hosted on compromised MikroTik routers to relay traffic and disguise its origin. In their operations, victims targeted by TA829 receive a strain known as SlipScreen, while their infrastructure and tactics show significant similarities to those of UNK_GreenSec. TA829's hybrid approach combines espionage with financial fraud, making it a notable player in the cyber threat landscape.
Aliases· 1
TA829
Compliance frameworks testing this (incoming)5
| Type | Target | Confidence | Tier |
|---|---|---|---|
| ComplianceControl | iso27701-a.8.2.1 | 100% | live |
| ComplianceControl | owasp_top10-a05 | 100% | live |
| ComplianceControl | tiber_eu-testing | 100% | live |
| ComplianceControl | owasp_top10-a04 | 100% | live |
| ComplianceControl | pci_dss_v4-r1 | 100% | live |
References
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.