TA4922 is a Chinese-speaking cybercrime cluster that employs localized HR, payroll, tax, and invoice lures to deliver various malware families, including Atlas RAT, RomulusLoader, and SilentRunLoader. The actor conducts targeted email campaigns, often impersonating trusted authorities, to facilitate credential phishing and fraud. TA4922's operational tempo is high, with a focus on obtaining remote access for financial gain, and it has shown a rapid evolution in its malware arsenal. The group is also noted for using social engineering to shift communications from email to messaging platforms, enhancing its phishing efforts.
| 2026-06-03 ⋅ Proofpoint ⋅ TA4922: The Suspected Chinese Crime Group is Going Global | Atlas RAT, RomulusLoader, SilentRunLoader, TA4922 |
| 2026-03-25 ⋅ Hexastrike Cybersecurity ⋅ Trust the Tunnel, Get the Trojan: Silver Fox Delivers Atlas RAT via Weaponized VPN Installers | Atlas RAT |