← Back to Actors
TA2541
TA2541
[TA2541](https://attack.mitre.org/groups/G1018) is a cybercriminal group that has been targeting the aviation, aerospace, transportation, manufacturing, and defense industries since at least 2017. [TA2541](https://attack.mitre.org/groups/G1018) campaigns are typically high volume and involve the use of commodity remote access tools obfuscated by crypters and themes related to aviation, transportation, and travel.(Citation: Proofpoint TA2541 February 2022)(Citation: Cisco Operation Layover September 2021)
29
Techniques
29
Covered
0
Gaps
100%
Coverage
Coverage29/29
COVERED (29)
T1016.001Internet Connection Discovery6 det.T1027.002Software Packing1 det.T1027.013Encrypted/Encoded File8 det.T1027.015Compression2 det.T1036.005Match Legitimate Resource Name or Location44 det.T1047Windows Management Instrumentation87 det.T1053.005Scheduled Task99 det.T1055Process Injection79 det.T1055.012Process Hollowing9 det.T1059.001PowerShell368 det.T1059.005Visual Basic68 det.T1082System Information Discovery86 det.T1105Ingress Tool Transfer183 det.T1204.001Malicious Link10 det.T1204.002Malicious File425 det.T1218.005Mshta49 det.T1518.001Security Software Discovery10 det.T1547.001Registry Run Keys / Startup Folder53 det.T1562.001Disable or Modify Tools311 det.T1566.001Spearphishing Attachment905 det.T1566.002Spearphishing Link904 det.T1568Dynamic Resolution10 det.T1573.002Asymmetric Cryptography6 det.T1583.001Domains61 det.T1583.006Web Services1 det.T1588.001Malware2 det.T1588.002Tool13 det.T1608.001Upload Malware3 det.T1685Disable or Modify Tools278 det.