ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > TA530

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: TA530

NamesTA530 (Proofpoint)
MotivationFinancial crime
First seen2016
Description(Proofpoint) Since January 2016, a financially motivated threat actor whom Proofpoint has been tracking as TA530 has been targeting executives and other high-level employees, often through campaigns focused exclusively on a particular vertical. For example, intended victims frequently have titles of Chief Financial Officer, Head of Finance, Senior Vice President, Director and other high level roles.

Additionally, TA530 customizes the email to each target by specifying the target’s name, job title, phone number, and company name in the email body, subject, and attachment names. On several occasions, we verified that these details are correct for the intended victim. While we do not know for sure the source of these details, they frequently appear on public websites, such as LinkedIn or the company’s own website. The customization doesn't end with the lure; the malware used in the campaigns is also targeted by region and vertical.
ObservedSectors: Automotive, Construction, Education, Energy, Engineering, Financial, Food and Agriculture, Healthcare, Hospitality, Manufacturing, Media, Pharmaceutical, Retail, Technology, Telecommunications, Transportation, Utilities.
Countries: Australia, UK, USA.
Tools usedAbaddonPOS, August Stealer, CryptoWall, Dridex, Gozi ISFB, H1N1 Loader, Nymaim, Smoke Loader, TeamSpy, TinyLoader.
Operations performedNov 2016August in November: New Information Stealer Hits the Scene

Last change to this card: 14 April 2020

Download this actor card in PDF or JSON format

Previous: TA505, Graceful Spider, Gold Evergreen
Next: TA555

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]