ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > TA2722

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: TA2722

NamesTA2722 (Proofpoint)
Balikbayan Foxes (Proofpoint)
MotivationInformation theft and espionage
First seen2020
Description(Proofpoint) Proofpoint identified a new and highly active cybercriminal threat actor, TA2722, colloquially referred to by Proofpoint threat researchers as the Balikbayan Foxes. Throughout 2021, a series of campaigns impersonated multiple Philippine government entities including the Department of Health, the Philippine Overseas Employment Administration (POEA), and the Bureau of Customs. Other related campaigns masqueraded as the Manila embassy for the Kingdom of Saudi Arabia (KSA) and DHL Philippines. The messages were intended for a variety of industries in North America, Europe, and Southeast Asia, with the top sectors including Shipping, Logistics, Manufacturing, Business Services, Pharmaceutical, Energy, and Finance.
ObservedSectors: Energy, Financial, Manufacturing, Pharmaceutical, Shipping and Logistics.
Countries: USA and Europe and Southeast Asia.
Tools usedNanoCore RAT, RemcosRAT.

Last change to this card: 04 November 2021

Download this actor card in PDF or JSON format

Previous: TA2552
Next: TA413

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]