ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > TA2722

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: TA2722

NamesTA2722 (Proofpoint)
Balikbayan Foxes (Proofpoint)
Country[Unknown]
MotivationInformation theft and espionage
First seen2020
Description(Proofpoint) Proofpoint identified a new and highly active cybercriminal threat actor, TA2722, colloquially referred to by Proofpoint threat researchers as the Balikbayan Foxes. Throughout 2021, a series of campaigns impersonated multiple Philippine government entities including the Department of Health, the Philippine Overseas Employment Administration (POEA), and the Bureau of Customs. Other related campaigns masqueraded as the Manila embassy for the Kingdom of Saudi Arabia (KSA) and DHL Philippines. The messages were intended for a variety of industries in North America, Europe, and Southeast Asia, with the top sectors including Shipping, Logistics, Manufacturing, Business Services, Pharmaceutical, Energy, and Finance.
ObservedSectors: Energy, Financial, Manufacturing, Pharmaceutical, Shipping and Logistics.
Countries: USA and Europe and Southeast Asia.
Tools usedNanoCore RAT, RemcosRAT.
Information<https://www.proofpoint.com/us/blog/threat-insight/new-threat-actor-spoofs-philippine-government-covid-19-health-data-widespread>

Last change to this card: 04 November 2021

Download this actor card in PDF or JSON format

Previous: TA2552
Next: TA413

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key