TDR analysts released a report analysing the evolution of the **TA505** intrusion set activities over time. We focused on three early 2023 campaigns attributed to **TA505**, involving the exploitation of zero-day vulnerabilities in **GoAnywhere** and **PaperCut** software, as well as the wide distribution of the **LOBSHOT** malware using Google Ads. From our observations, **TA505** shows increased activity since early 2023, featuring an ever-changing set of techniques and malware arsenal. Related resources: * [FLINT 2023-026 - TA505: a sophisticated and evolving intrusion set ](https://app.sekoia.io/intelligence/objects/report--9f6f03cf-c1ef-4b86-9904-22bb4d655605) * [TA505 intrusion set page](https://app.sekoia.io/intelligence/objects/intrusion-set--047bb7e5-004a-4b48-9869-fe9f0f68f031) * [Clop malware page](https://app.sekoia.io/intelligence/objects/malware--8a4b367a-c20c-49fe-b35e-d22ce8f12def)