This report analyzes the activities of two threat actor clusters: TA829 and UNK_GreenSec. TA829 conducts both espionage and cybercrime operations using tools like SingleCamper and DustyHammock. UNK_GreenSec deploys TransferLoader malware leading to ransomware infections. The actors share similarities in infrastructure, delivery tactics, and lure themes, raising questions about their relationship. Four hypotheses are presented regarding their potential connection, ranging from shared third-party services to being the same actor. The report highlights the increasing overlap between cybercrime and espionage activities, making attribution more challenging in the current threat landscape.
Author: AlienVault
Related Tags:
Morpheus
ShadyHammock
MeltingClaw
RustyClaw
SlipScreen
TransferLoader
DustyHammock
SingleCamper
RomCom
Associated Indicators:


