New APT Group Impersonates Government Agencies to Spread Malware

12 - 18 November 2019

A new threat group known as TA2101 has been impersonating government agencies to spread malware.

A new threat group known as TA2101 has been impersonating the US Postal Service, the German Federal Ministry of Finance, and the Italian Revenue Agency to spread malware. The phishing campaigns, which deliver malicious attachments, have been observed since the end of October and require users to enable macros after opening the attachment. Enabling macros initiates the download of the Cobalt Strike pentesting tool or the IcedID banking trojan, which could be used to install and execute second-stage payloads. The threat actors also targeted IT support companies to distribute the Maze ransomware to all customers of the managed service provider.


TA2101 Plays Government Imposter to Distribute Malware to German, Italian, and US Organizations
