10 Things I Hate About Attribution: RomCom vs. TransferLoader

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

This report analyzes the activities of two threat actor clusters: TA829 and UNK_GreenSec. TA829 conducts both espionage and cybercrime operations using tools like SingleCamper and DustyHammock. UNK_GreenSec deploys TransferLoader malware leading to ransomware infections. The actors share similarities in infrastructure, delivery tactics, and lure themes, raising questions about their relationship. Four hypotheses are presented regarding their potential connection, ranging from shared third-party services to being the same actor. The report highlights the increasing overlap between cybercrime and espionage activities, making attribution more challenging in the current threat landscape.

OPENCTI LABELS:

ransomware,romcom,singlecamper,dustyhammock,shadyhammock,rustyclaw,meltingclaw,hellcat,morpheus,transferloader,slipscreen


Open in the NetmanageIT OpenCTI public instance using the link below.

NOTE: Use the public read-only username and password shown in the login page banner.


10 Things I Hate About Attribution: RomCom vs. TransferLoader