Looking Behind the Curtain at the Palestinian-Aligned TA402

DISCARDED: Tales From the Threat Research Trenches - A podcast by Proofpoint

Categories:

While the current Israeli/Palestinian conflict is on everyone’s minds, how many are thinking about the repercussions of cyber security? Today’s guest is returning guest, Joshua Miller, Senior Threat Researcher on the APT team at Proofpoint. While he focuses on different Middle East, North African state-aligned threats, he is talking today about a Palestinian-aligned threat group coined TA402.While there is no direct link to Hamas, their activities support the Palestinian Territories. Joshua paints a vivid picture of TA402's usual targets, strategies, and tactics, highlighting their geofencing techniques and their crafty use of compromised government agency accounts. The recent evolution of their attack chain, involving Dropbox and DLL side loading, is dissected in intricate detail, offering a glimpse into the evolving landscape of cyber threats.This discussion not only provides insights into TA402's modus operandi but also emphasizes its distinctiveness from its previous malware campaigns. TIMESTAMPS[1:35] Length of time tracking TA402[3:00] Differences between known government threat actors vs TA402[7:00] Other groups involved in the Israeli/Palestinian War[10:40] Normal victimology from this type of threat actor[12:30] Comparison of tactics that TA402 is deploying[19:20] Difficulties in tracking TA402Resources mentioned:Ugg Boots 4 Sale: A Tale of Palestinian-Aligned EspionageNew TA402 Molerats Malware Targets Governments in the Middle Easthttps://malpedia.caad.fkie.fraunhofer.de/actor/aridviper https://www.proofpoint.com/us/blog/threat-insight/exploiting-covid-19-how-threat-actors-hijacked-pandemic For more information, check out our website.