Picus Threat Library Updated for Lempo Malware of the TA456 (Tortoiseshell, Imperial Kitten) Threat Group

Picus Labs has updated the Picus Threat Library with new attack methods for Lempo malware samples used by the TA456 (also known as Tortoiseshell and Imperial Kitten)  Advanced Persistent Threat (APT) Group, operating since 2018. OilRig is believed to be an Iranian government-aligned threat group that has targeted victims in Middle East countries and USA. The majority of the group's targets are in the government, defense, and IT sectors. TA456 (Tortoiseshell) mainly uses backdoors (e.g. Syskit), remote access trojans - RATs (e.g. IvizTech), and reconnaissance tools (e.g. Liderc) in their attack campaigns.

The TA456 APT Group's Latest Malware: Lempo

The Iranian-state linked threat actor TA456 has been discovered by Proofpoint researchers as being behind a years-long social engineering and targeted malware campaign. TA456 spent years pretending to be "Marcella Flores" in order to infect the computer of an aerospace defense contractor employee with LEMPO malware,  which is designed by the threat actor to build persistence, conduct reconnaissance, and exfiltrate sensitive data. According to Proofpoint researchers, smaller subsidiaries and contractors are actively targeted by TA456 in support of efforts to compromise major defense firms through a supply chain breach.

Picus Labs has updated the Picus Threat Library with the Lempo malware utilized by TA456 threat actor:

Other TA456 (Tortoiseshell, Imperial Kitten) Threats in Picus Threat Library

Following threats are added in 2019 during the previous campaign of TA456, named as Tortoiseshell by Symantec.

Threat Groups in Picus Threat Library

Picus Threat Library is the most comprehensive Threat Library in the "Continuous Security Validation" / "Breach and Attack Simulation (BAS)" industry. As of August 6, 2021, Picus Threat Library includes 2000+ threats for 200+ threat groups.