Home > List all groups > TA459

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: TA459

NamesTA459 (Proofpoint)
CountryChina China
MotivationInformation theft and espionage
First seen2017
Description(Proofpoint) On April 20 [2017], Proofpoint observed a targeted campaign focused on financial analysts working at top global financial firms operating in Russia and neighboring countries. These analysts were linked by their coverage of the telecommunications industry, making this targeting very similar to, and likely a continuation of, activity described in our “In Pursuit of Optical Fibers and Troop Intel” blog. This time, however, attackers opportunistically used spear-phishing emails with a Microsoft Word attachment exploiting the recently patched CVE-2017-0199 to deploy the ZeroT Trojan, which in turn downloaded the PlugX Remote Access Trojan (RAT).

Proofpoint is tracking this attacker, believed to operate out of China, as TA459. The actor typically targets Central Asian countries, Russia, Belarus, Mongolia, and others. TA549 possesses a diverse malware arsenal including PlugX, NetTraveler, and ZeroT.
ObservedSectors: Financial, Telecommunications.
Countries: Belarus, Mongolia, Russia and Central Asia others.
Tools usedGh0st RAT, NetTraveler, PlugX, ZeroT.

Last change to this card: 21 April 2020

Download this actor card in PDF or JSON format

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
PGP Download PGP key