Cyber Resilience

Threat actor · all actors

TA2541G1018 unknown

aka TA2541

Last updated: 2026-07-03

0attributed CVEs
42ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[TA2541](https://attack.mitre.org/groups/G1018) is a cybercriminal group that has been targeting the aviation, aerospace, transportation, manufacturing, and defense industries since at least 2017. [TA2541](https://attack.mitre.org/groups/G1018) campaigns are typically high volume and involve the use of commodity remote access tools obfuscated by crypters and themes related to aviation, transportation, and travel.(Citation: Proofpoint TA2541 February 2022)(Citation: Cisco Operation Layover September 2021)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-425 / 4260%
SI-324 / 4257%
CM-622 / 4252%
CM-221 / 4250%
CM-717 / 4240%
CA-716 / 4238%
SC-713 / 4231%
SI-713 / 4231%
AC-312 / 4229%
AC-612 / 4229%
SI-212 / 4229%
AC-211 / 4226%
AC-411 / 4226%
RA-510 / 4224%
SI-109 / 4221%

Co-occurring actors

None.

Similar actors