Threats Tagged 'romulusloader'
View all threats tagged with 'romulusloader'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'romulusloader'
Click on any threat for detailed analysis and mitigation recommendations
TA4922: The Suspected Chinese Crime Group is Going Global 0 TA4922 is a sophisticated Chinese-speaking cybercrime group that has expanded its operations from East Asia to Europe and Africa. The group uses multiple malware families such as Atlas RAT, RomulusLoader, SilentRunLoader, and ValleyRAT, along with legitimate remote management tools like AnyDesk and SyncFuture. Their campaigns employ localized phishing lures themed around HR, payroll, tax, and invoicing to target large numbers of recipients. TA4922 conducts credential phishing, credit card fraud, and attempts to move communications to out-of-band channels like LINE, WhatsApp, and Microsoft Teams. They leverage legitimate cloud hosting and trusted software for delivery and persistence, focusing on financial gain through data theft, fraud, and resale of access. No known exploits in the wild or patches are applicable as this is an actor-based threat rather than a software vulnerability. The severity is assessed as medium based on the described impact and operational scope. Join the discussion | AlienVault OTX General | 06/03/2026, 12:55:39 UTC Added: 06/04/2026, 08:33:36 UTC |
Showing 1 to 1 of 1 result