Cybersecurity researchers have identified tactical similarities between the RomCom RAT and a loader known as TransferLoader, attributing them to the groups TA829 and UNK_GreenSec respectively. TA829, associated with both espionage and financially motivated attacks, exploits zero-day vulnerabilities in widely used software against targets worldwide, and relies on compromised infrastructure and uncommon tradecraft to stay hidden. UNK_GreenSec stands out for its similar delivery methods and its use of REM Proxy services running on MikroTik routers, although how those routers were initially compromised remains unexplained.
Both TA829 and UNK_GreenSec rely on REM Proxy services deployed on compromised MikroTik routers, though the specific breach method of these devices remains unclear.
TA829 is a hybrid hacking group aligned with Russia, engaging in both espionage and financially motivated attacks, linked to exploiting zero-day vulnerabilities.