TA4922 is a Chinese-speaking cybercrime group that has expanded its operations across Asia, Europe, and South Africa by using social engineering, phishing, and multiple malware families to gain access to victim organizations. Proofpoint says the group is financially motivated and has used tools like Atlas RAT, RomulusLoader, SilentRunLoader, and ValleyRAT in campaigns that target credentials, data, and remote access. #TA4922 #AtlasRAT #RomulusLoader #SilentRunLoader #ValleyRAT #Winos4.0 #AnyDesk #SyncFuture #LINE #WhatsApp #MicrosoftTeams
Keypoints
- TA4922 is expanding its campaigns into new regions, including Europe and South Africa.
- The group uses HR, payroll tax, invoicing, and customer service lures to trick victims.
- TA4922 distributes malware and steals credentials for fraud and data theft.
- Its campaigns have used Atlas RAT, RomulusLoader, SilentRunLoader, and ValleyRAT.
- The group also shifts lures to messaging apps like LINE, WhatsApp, and Microsoft Teams.
Read More: https://www.securityweek.com/chinese-cybercrime-group-ta4922-in-spotlight-for-record-campaign-pace/