TA4922 Expands Phishing: Attacks Target UK, Germany, Italy and South Africa

Colleagues — TA4922 has expanded phishing campaigns targeting the UK, Germany, Italy and South Africa (Proofpoint).
What happened:
- Using HR/business lures to harvest credentials, perpetrate fraud and deliver malware: AtlasRAT, ValleyRAT, RomulusLoader, SilentRunLoader.
- Techniques: DLL side‑loading, theft of Chrome data (passwords, cookies) and migrating conversations to LINE/WhatsApp/Teams to evade defenses.
- Actor likely financially motivated; tools may also enable surveillance; campaigns are rapidly scaling.
Why it matters: threat activity is increasing — strengthen email security and monitor external communication channels.
Which mitigations do you prioritise?
#cybersecurity #phishing #incident #APT


Latest comments
No comments yet.