← Back to Actors
TA2541
TA2541
[TA2541](https://attack.mitre.org/groups/G1018) is a cybercriminal group that has been targeting the aviation, aerospace, transportation, manufacturing, and defense industries since at least 2017. [TA2541](https://attack.mitre.org/groups/G1018) campaigns are typically high volume and involve the use of commodity remote access tools obfuscated by crypters and themes related to aviation, transportation, and travel.(Citation: Proofpoint TA2541 February 2022)(Citation: Cisco Operation Layover September 2021)
29
Techniques
29
Covered
0
Gaps
100%
Coverage
Coverage29/29
COVERED (29)
T1016.001Internet Connection Discovery6 det.T1027.002Software Packing2 det.T1027.013Encrypted/Encoded File8 det.T1027.015Compression2 det.T1036.005Match Legitimate Resource Name or Location45 det.T1047Windows Management Instrumentation88 det.T1053.005Scheduled Task100 det.T1055Process Injection81 det.T1055.012Process Hollowing9 det.T1059.001PowerShell372 det.T1059.005Visual Basic69 det.T1082System Information Discovery86 det.T1105Ingress Tool Transfer184 det.T1204.001Malicious Link11 det.T1204.002Malicious File441 det.T1218.005Mshta49 det.T1518.001Security Software Discovery10 det.T1547.001Registry Run Keys / Startup Folder53 det.T1562.001Disable or Modify Tools316 det.T1566.001Spearphishing Attachment979 det.T1566.002Spearphishing Link1005 det.T1568Dynamic Resolution11 det.T1573.002Asymmetric Cryptography6 det.T1583.001Domains62 det.T1583.006Web Services1 det.T1588.001Malware2 det.T1588.002Tool13 det.T1608.001Upload Malware3 det.T1685Disable or Modify Tools279 det.