APT / THREAT GROUP

TA482

🇹🇷Turkey-attributed
1
campaigns
1
aliases
Last seen:Mar 17, 2026

Intelligence Profile

Since early 2022, Proofpoint researchers have observed a prolific threat actor, tracked as TA482, regularly engaging in credential harvesting campaigns that target the social media accounts of mostly US-based journalists and media organizations. This victimology, TA482’s use of services originating from Turkey to host its domains and infrastructure, as well as Turkey’s history of leveraging social media to spread pro-President Recep Tayyip Erdogan and pro-Justice and Development Party (Turkey’s ruling party) propaganda support Proofpoint’s assessment that TA482 is aligned with the Turkish state.

Threat Analysis

TA482 is a known-sophistication threat actor attributed to Turkey, engaged in cyber operations with a primary motivation of unknown activity patterns.

Known Campaigns

TA482 — Active Operations March 2026

TA482 is a unknown-motivation threat actor attributed to TR. Since early 2022, Proofpoint researchers have observed a prolific threat actor, tracked as TA482, regularly engaging in credential harvesting campaigns that target the social media accounts of mostly US-based journalists and media organizations. This victimology, TA482’s use of s...

ACTIVEMEDIUM2026

External References

Quick Facts

TypeAPT / Threat Group
Origin🇹🇷 Turkey
Aliases1
SourceMalpedia

Also Known As

TA482

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.