A recently identified Chinese-speaking cybercrime group known as TA4922 has been intensifying its operations globally, as detailed by Proofpoint. This group utilizes social engineering tactics to distribute malware and engage in credential phishing and credit card theft. Unlike some other cyber threat actors, TA4922 does not appear to be involved in espionage activities. Their campaigns, which often target specific business themes like HR and invoicing, aim to gain remote access for data theft and financial fraud.
Over the past year, TA4922 has expanded its targets beyond Asia to include organizations in Europe and South Africa, employing various malware such as Atlas RAT and RomulusLoader. The group’s unique approach and high activity level signify a significant threat in the cybersecurity landscape.