Picus Threat Library Updated for Lempo Malware of the TA456 (Tortoiseshell, Imperial Kitten) Threat Group

Picus Labs has updated the Picus Threat Library with new attack methods for Lempo malware samples used by the TA456 (also known as Tortoiseshell and Imperial Kitten) Advanced Persistent Threat (APT) Group, operating since 2018. OilRig is believed to be an Iranian government-aligned threat group that has targeted victims in Middle East countries and USA. The majority of the group's targets are in the government, defense, and IT sectors. TA456 (Tortoiseshell) mainly uses backdoors (e.g. Syskit), remote access trojans - RATs (e.g. IvizTech), and reconnaissance tools (e.g. Liderc) in their attack campaigns.

The TA456 APT Group's Latest Malware: Lempo

The Iranian-state linked threat actor TA456 has been discovered by Proofpoint researchers as being behind a years-long social engineering and targeted malware campaign. TA456 spent years pretending to be "Marcella Flores" in order to infect the computer of an aerospace defense contractor employee with LEMPO malware, which is designed by the threat actor to build persistence, conduct reconnaissance, and exfiltrate sensitive data. According to Proofpoint researchers, smaller subsidiaries and contractors are actively targeted by TA456 in support of efforts to compromise major defense firms through a supply chain breach.

Picus Labs has updated the Picus Threat Library with the Lempo malware utilized by TA456 threat actor:

Picus ID	Threat Name
629261	LEMPO Trojan used by TA456 Threat Group .VBS File Download Variant-1
494305	LEMPO Trojan used by TA456 Threat Group .VBS File Download Variant-2
737305	LEMPO Trojan used by TA456 Threat Group .VBS File Download Variant-3
819693	LEMPO Trojan used by TA456 Threat Group .VBS File Download Variant-4
889632	LEMPO Downloader used by TA456 Threat Group .XLS File Download Variant-1
358399	LEMPO Downloader used by TA456 Threat Group .XLS File Download Variant-2

Other TA456 (Tortoiseshell, Imperial Kitten) Threats in Picus Threat Library

Following threats are added in 2019 during the previous campaign of TA456, named as Tortoiseshell by Symantec.

Picus ID	Threat Name
737305	Trojan Malware used by Tortoiseshell Threat Group .EXE File Download Variant-1
475500	Trojan Malware used by Tortoiseshell Threat Group .EXE File Download Variant-2

Threat Groups in Picus Threat Library

Picus Threat Library is the most comprehensive Threat Library in the "Continuous Security Validation" / "Breach and Attack Simulation (BAS)" industry. As of August 6, 2021, Picus Threat Library includes 2000+ threats for 200+ threat groups.

The Picus Threat Library update focuses on new attack methods for Lempo malware samples used by the TA456 (Tortoiseshell, Imperial Kitten) Advanced Persistent Threat (APT) Group. **

The TA456 threat group, believed to be aligned with the Iranian government, primarily targets government, defense, and IT sectors. They are known for using social engineering and targeted malware campaigns, including pretending to be individuals to infiltrate organizations. **

The TA456 group uses backdoors, remote access trojans (RATs), and reconnaissance tools in their attack campaigns. **

The Lempo malware is designed to build persistence, conduct reconnaissance, and exfiltrate sensitive data, often targeting subsidiaries and contractors to compromise larger defense firms through supply chain breaches. **

As of August 6, 2021, the Picus Threat Library includes over 2000 threats for more than 200 threat groups, making it highly comprehensive in the "Continuous Security Validation" and "Breach and Attack Simulation (BAS)" industry. These questions and answers can be used to enhance the FAQ section of your page, optimizing it for answer engines.