 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
APT group: TA2722| Names | TA2722 (Proofpoint) Balikbayan Foxes (Proofpoint) | |
| Country | [Unknown] | |
| Motivation | Information theft and espionage | |
| First seen | 2020 | |
| Description | (Proofpoint) Proofpoint identified a new and highly active cybercriminal threat actor, TA2722, colloquially referred to by Proofpoint threat researchers as the Balikbayan Foxes. Throughout 2021, a series of campaigns impersonated multiple Philippine government entities including the Department of Health, the Philippine Overseas Employment Administration (POEA), and the Bureau of Customs. Other related campaigns masqueraded as the Manila embassy for the Kingdom of Saudi Arabia (KSA) and DHL Philippines. The messages were intended for a variety of industries in North America, Europe, and Southeast Asia, with the top sectors including Shipping, Logistics, Manufacturing, Business Services, Pharmaceutical, Energy, and Finance. | |
| Observed | Sectors: Energy, Financial, Manufacturing, Pharmaceutical, Shipping and Logistics. Countries: USA and Europe and Southeast Asia. | |
| Tools used | NanoCore RAT, RemcosRAT. | |
| Information | <https://www.proofpoint.com/us/blog/threat-insight/new-threat-actor-spoofs-philippine-government-covid-19-health-data-widespread> | |
Last change to this card: 04 November 2021
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |