TA505 Hackers Deploy TeslaGun Panel to Manage ServHelper Backdoor Attacks

Cybersecurity researchers have discovered that the TA505 hacking group deploys a panel called TeslaGun to manage ServHelper backdoor attacks.

Swiss cybersecurity firm PRODAFT said, “The group frequently changes its malware attack strategies in response to global cybercrime trends. It opportunistically adopts new technologies in order to gain leverage over victims before the wider cybersecurity industry catches on.”

The Russian hacking group TA505 has been behind a few hacking and ransomware schemes in recent years. The group has many aliases, such as Evil Corp, Gold Drake, Dudear, Indrik Spider and SectorJ04.

It is said to be connected to the September 2021 Robin and the Raspberry attacks, which share similar malware with Dridex.

FlawedAmmyy, Neutrino botnet, and a backdoor called ServHelper are other malware families associated with this group. FlawedGrace is a remote access trojan available through one variant of ServHelper.

TeslaGun is the command-and-control (C2) framework the adversary uses to control all compromised devices.

When trying to breach a network, the threat actors often use shielded networks (RDP) to connect.

Throughout July and 2020, at least 3,667 U.S. citizens have been targeted, followed by 647 Russians, 483 Brazilians, 444 Romanians and 359 Americans.

Screenshot of TA505 member installing sep12.exe onto a victim device in real time

The TeslaGun group is looking for potential targets. The researchers noted that they may be looking for people with online banking or retail accounts, including crypto-wallets and e-commerce properties.

Addressing new security threats to the health sector, HHS warns that significant health data expropriations and ransomware operations can be a significant threat to public health.

The Health Sector Cybersecurity Coordination Center said that Evil Corp has a wide set of tools at their disposal. To create a security breach on endpoint systems, they use tools seen in the real world.
