Financially motivated Russian cybercrime operation TA505, also known as Evil Corp, Indrik Spider, Dudear, Gold Drake, and SectorJ04, has been leveraging the TeslaGun control panel for managing ServHelper backdoor attacks, reports The Hacker News.
Aside from supporting the issuing of commands, TeslaGun also lets attackers send a single command to all victim devices simultaneously, or configure the panel to automatically execute a predefined command when a new victim is added, a report from PRODAFT revealed.
"The TeslaGun panel has a pragmatic, minimalist design. The main dashboard only contains infected victim data, a generic comment section for each victim, and several options for filtering victim records," said researchers.
Further analysis of the panel revealed that at least 8,160 targets have been impacted by TA505 since July 2020, with most of the targets located in the U.S.
"It is clear that TA505 is actively looking for online banking or retail users, including crypto-wallets and e-commerce accounts," researchers added.