TA410: APT10’s distant cousin

Botconf 2022
2023-04-23 | 14:35 – 15:05

Alexandre Côté Cyr 🗣 | Matthieu Faou 🗣

TA410 is a cyber-espionage group that was first described in August 2019 by fellow researchers at Proofpoint. The threat actor shows interesting technical capabilities, with the use of complex implants, but has not received the same level of attention from the threat intelligence community as most major APTs.

TA410’s activity shares some characteristics, such as similar VBA macros, with past APT10 operations, but these are not sufficient to link them as a single entity. As such, some public reports have misattributed TA410 activities to APT10. In this presentation, we will clarify what TA410 is and how its activities differ from the current activities of APT10.

