Cybersecurity researchers have identified overlaps between the activities of the threat groups TA829 and UNK_GreenSec, both of which deploy malware such as TransferLoader. The groups rely on tactics including compromised MikroTik routers and encrypted communications to carry out espionage and financially motivated cyberattacks. #RomComRAT #TransferLoader
Key points
- TA829 and UNK_GreenSec share infrastructure and attack tactics, indicating a possible link.
- The threat groups exploit zero-day vulnerabilities in Mozilla Firefox and Microsoft Windows for malware delivery.
- TransferLoader is used to silently deploy additional malware such as Morpheus ransomware and RomCom RAT.
- Both groups employ REM Proxy services, compromised MikroTik routers, and encrypted C2 channels to evade detection.
- The campaigns use phishing messages with job-themed lures leading to malicious links hosted on IPFS networks.
Read More: https://thehackernews.com/2025/07/ta829-and-unkgreensec-share-tactics-and.html