"Cyberespionage APT Now Identified as Three Separate Actors"

The threat group known as TA410 has been found to be composed of three groups, each of which has its own toolsets and targets. The threat group, which has launched sophisticated cyberespionage attacks against US utilities, has been in operation globally since 2018. TA410 is loosely linked to APT10, a group associated with China's Ministry of State Security. According to researchers at the security firm ESET, the group has also targeted diplomatic organizations in the Middle East and Africa. Although TA410 seems to have been active since 2018, it came to researchers' attention in 2019, when Proofpoint discovered a phishing campaign targeting companies in the US utilities sector that involved the use of a novel malware dubbed LookBack. A year later, the threat group reemerged with a sophisticated Remote Access Trojan (RAT) called FlowCloud, targeting Windows systems in the US utilities sector. FlowCloud is capable of accessing installed applications as well as controlling the keyboard, mouse, screen, and more on an infected computer. ESET researchers have discovered that TA410 is made up of three subgroups: FlowingFrog, LookingFrog, and JollyFrog. The subgroups overlap in tactics, techniques, and procedures (TTPs), victimology, and infrastructure. They primarily target government or education organizations. This article continues to discuss the identification of TA410 as three separate groups and key findings surrounding each of the subgroups.

Threatpost reports "Cyberespionage APT Now Identified as Three Separate Actors"
