← Back to Actors
TA2541
TA2541
[TA2541](https://attack.mitre.org/groups/G1018) is a cybercriminal group that has been targeting the aviation, aerospace, transportation, manufacturing, and defense industries since at least 2017. [TA2541](https://attack.mitre.org/groups/G1018) campaigns are typically high volume and involve the use of commodity remote access tools obfuscated by crypters and themes related to aviation, transportation, and travel.(Citation: Proofpoint TA2541 February 2022)(Citation: Cisco Operation Layover September 2021)
28
Techniques
28
Covered
0
Gaps
100%
Coverage
Coverage28/28
COVERED (28)
T1016.001Internet Connection Discovery6 det.T1027.002Software Packing1 det.T1027.013Encrypted/Encoded File7 det.T1027.015Compression2 det.T1036.005Match Legitimate Resource Name or Location44 det.T1047Windows Management Instrumentation85 det.T1053.005Scheduled Task82 det.T1055Process Injection76 det.T1055.012Process Hollowing8 det.T1059.001PowerShell338 det.T1059.005Visual Basic66 det.T1082System Information Discovery80 det.T1105Ingress Tool Transfer170 det.T1204.001Malicious Link9 det.T1204.002Malicious File397 det.T1218.005Mshta46 det.T1518.001Security Software Discovery8 det.T1547.001Registry Run Keys / Startup Folder50 det.T1562.001Disable or Modify Tools300 det.T1566.001Spearphishing Attachment850 det.T1566.002Spearphishing Link837 det.T1568Dynamic Resolution10 det.T1573.002Asymmetric Cryptography6 det.T1583.001Domains61 det.T1583.006Web Services1 det.T1588.001Malware2 det.T1588.002Tool13 det.T1608.001Upload Malware2 det.