APT / THREAT GROUP | 💰 FINANCIAL | HIGH

TA571

Aliases: 1
Last seen: Mar 17, 2026

Intelligence Profile

TA571 is a spam distribution actor known for delivering a variety of malware, including DarkGate, NetSupport RAT, and information stealers. They use phishing emails with macro-enabled attachments to spread malicious PDFs containing rogue OneDrive links. TA571 has been observed using unique filtering techniques with intermediary "gates" to target specific users and bypass automated sandboxing. Proofpoint assesses with high confidence that TA571 infections can lead to ransomware.

Threat Analysis

TA571 is a high-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primarily financial motivation.

Financially motivated threat actors like TA571 prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

With high sophistication, TA571 is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.

Quick Facts

Type: APT / Threat Group
Motivation: 💰 financial
Sophistication: high
Aliases: 1
Source: Malpedia

Also Known As

TA571

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.