TA2541

MISP

Type:
Unknown

Country:
Unknown

First seen:
Unknown

Details:

[TA2541](https://attack.mitre.org/groups/G1018) is a cybercriminal group that has been targeting the aviation, aerospace, transportation, manufacturing, and defense industries since at least 2017. [TA2541](https://attack.mitre.org/groups/G1018) campaigns are typically high volume and involve the use of commodity remote access tools obfuscated by crypters and themes related to aviation, transportation, and travel.(Citation: Proofpoint TA2541 February 2022)(Citation: Cisco Operation Layover September 2021)

MITRE ATT&CK: View on MITRE

Techniques Used (28)

ID	ATT&CK	Tactics
T1016.001	Internet Connection Discovery	-
T1027.002	Software Packing	-
T1027.013	Encrypted/Encoded File	-
T1027.015	Compression	-
T1036.005	Match Legitimate Resource Name or Location	-
T1047	Windows Management Instrumentation	-
T1053.005	Scheduled Task	-
T1055	Process Injection	-
T1055.012	Process Hollowing	-
T1059.001	PowerShell	-
T1059.005	Visual Basic	-
T1082	System Information Discovery	-
T1105	Ingress Tool Transfer	-
T1204.001	Malicious Link	-
T1204.002	Malicious File	-

References (1)

proofpoint.com - Charting Ta2541s Flight

Related Malware (9)

Agent Tesla
other

AsyncRAT
tool

Imminent Monitor
tool

jRAT
other

NETWIRE
other

njRAT
other

Revenge RAT
other

Snip3
other

WarzoneRAT
other

Metadata

ID:	343
Created:	13/01/2026 17:48
Updated:	21/04/2026 04:00