TDR analysts released a report analysing the evolution of the TA505 intrusion set activities over time. We focused on three early 2023 campaigns attributed to TA505, involving the exploitation of zero-day vulnerabilities in GoAnywhere and PaperCut software, as well as the wide distribution of the LOBSHOT malware using Google Ads.

From our observations, TA505 shows increased activity since early 2023, featuring an ever-changing set of techniques and malware arsenal.

Related resources:

• FLINT 2023-026 - TA505: a sophisticated and evolving intrusion set
  
• TA505 intrusion set page
• Clop malware page