This report analyzes the activities of two threat actor clusters: TA829 and UNK_GreenSec. TA829 conducts both espionage and cybercrime operations using tools like SingleCamper and DustyHammock. UNK_GreenSec deploys TransferLoader malware leading to ransomware infections. The actors share similarities in infrastructure, delivery tactics, and lure themes, raising questions about their relationship. Four hypotheses are presented regarding their potential connection, ranging from shared third-party services to being the same actor. The report highlights the increasing overlap between cybercrime and espionage activities, making attribution more challenging in the current threat landscape.
Author: AlienVault
Related Tags:
Morpheus
ShadyHammock
MeltingClaw
RustyClaw
SlipScreen
TransferLoader
DustyHammock
SingleCamper
RomCom
Associated Indicators: