ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

APT group: TA459

Names: TA459 (Proofpoint)
Country: China
Motivation: Information theft and espionage
First seen: 2017
Description: (Proofpoint) On April 20 [2017], Proofpoint observed a targeted campaign focused on financial analysts working at top global financial firms operating in Russia and neighboring countries. These analysts were linked by their coverage of the telecommunications industry, making this targeting very similar to, and likely a continuation of, activity described in our “In Pursuit of Optical Fibers and Troop Intel” blog. This time, however, attackers opportunistically used spear-phishing emails with a Microsoft Word attachment exploiting the recently patched CVE-2017-0199 to deploy the ZeroT Trojan, which in turn downloaded the PlugX Remote Access Trojan (RAT).

Proofpoint is tracking this attacker, believed to operate out of China, as TA459. The actor typically targets Central Asian countries, Russia, Belarus, Mongolia, and others. TA459 possesses a diverse malware arsenal including PlugX, NetTraveler, and ZeroT.
Observed sectors: Financial, Telecommunications and journalists.
Observed countries: Belarus, Mongolia, Russia, Central Asia and others.
Tools used: Gh0st RAT, NetTraveler, PlugX, ZeroT.
Operations performed: Apr 2022: Tracing State-Aligned Activity Targeting Journalists, Media

Last change to this card: 20 July 2022
