Insikt Group identifies a new threat actor, TAG-150, active since at least March 2025. Its multi-layered infrastructure is used to deploy likely self-developed malware families, including CastleLoader, CastleBot, and the newly documented CastleRAT. www.recordedfuture.com/research/fro...
September 8, 2025 at 8:33 AM
Insikt Group identifies a new threat actor, TAG-150, active since at least March 2025. Its multi-layered infrastructure is used to deploy likely self-developed malware families, including CastleLoader, CastleBot, and the newly documented CastleRAT. www.recordedfuture.com/research/fro...
IBM X-Force's Golo Mühr looks into a newly emerging malware MaaS framework named CastleBot. Follow-on payloads range from infostealers to backdoors linked to ransomware attacks, such as NetSupport and WarmCookie. www.ibm.com/think/x-forc...
August 8, 2025 at 8:57 AM
IBM X-Force's Golo Mühr looks into a newly emerging malware MaaS framework named CastleBot. Follow-on payloads range from infostealers to backdoors linked to ransomware attacks, such as NetSupport and WarmCookie. www.ibm.com/think/x-forc...
🔎 CastleBot: modular MaaS empowering infostealer-to-Ransomware attacks
IBM X‑Force reveals CastleBot, a new MaaS platform that deploys everything from infostealers to backdoors like NetSupport and WarmCookie, all delivered via fake installers, GitHub impersonation, and ClickFix.
#ransomNews
IBM X‑Force reveals CastleBot, a new MaaS platform that deploys everything from infostealers to backdoors like NetSupport and WarmCookie, all delivered via fake installers, GitHub impersonation, and ClickFix.
#ransomNews
August 14, 2025 at 8:37 AM
🔎 CastleBot: modular MaaS empowering infostealer-to-Ransomware attacks
IBM X‑Force reveals CastleBot, a new MaaS platform that deploys everything from infostealers to backdoors like NetSupport and WarmCookie, all delivered via fake installers, GitHub impersonation, and ClickFix.
#ransomNews
IBM X‑Force reveals CastleBot, a new MaaS platform that deploys everything from infostealers to backdoors like NetSupport and WarmCookie, all delivered via fake installers, GitHub impersonation, and ClickFix.
#ransomNews
CastleBot Malware-as-a-Service Deploys Range of Payloads Linked to Ransomware Attacks
CastleBot Malware-as-a-Service Deploys Range of Payloads Linked to Ransomware Attacks
cybersecuritynews.com
August 8, 2025 at 11:26 PM
CastleBot Malware-as-a-Service Deploys Range of Payloads Linked to Ransomware Attacks
2/ TAG-150 is Insikt Group’s designation for the actor likely behind the malware families #CastleLoader, #CastleBot, and most recently #CastleRAT, a RAT documented here for the first time.
September 4, 2025 at 3:05 PM
2/ TAG-150 is Insikt Group’s designation for the actor likely behind the malware families #CastleLoader, #CastleBot, and most recently #CastleRAT, a RAT documented here for the first time.
Dissecting the CastleBot Malware-as-a-Service operation | IBM www.ibm.com/think/x-forc...
Dissecting the CastleBot Malware-as-a-Service operation | IBM
Take a deep dive into CastleBot, an emerging malware framework, with IBM X-Force. Learn the basics about the threat: how it works, how it spreads and why it matters to you.
www.ibm.com
August 7, 2025 at 7:07 AM
Dissecting the CastleBot Malware-as-a-Service operation | IBM www.ibm.com/think/x-forc...
CastleBot Malware-as-a-Service Deploys Range of Payloads Linked to Ransomware Attacks A sophisticated new malware framework named CastleBot has emerged as a significant threat to cybersecurity, ope...
#cyberf="/hashtag/Cyber" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#Cyber #security/hashtag/Security" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#Security #newsef="/hashtag/News" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#News #Threats #cyber #security #cyber #security #news
Origin | Interest | Match
#cyberf="/hashtag/Cyber" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#Cyber #security/hashtag/Security" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#Security #newsef="/hashtag/News" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#News #Threats #cyber #security #cyber #security #news
Origin | Interest | Match
CastleBot Malware-as-a-Service Deploys Range of Payloads Linked to Ransomware Attacks
New DarkCloud stealer variant hits Windows via phishing RARs, using fileless, evasive tactics to steal credentials & finances.
cybersecuritynews.com
August 8, 2025 at 11:15 PM
CastleBot Malware-as-a-Service Deploys Range of Payloads Linked to Ransomware Attacks A sophisticated new malware framework named CastleBot has emerged as a significant threat to cybersecurity, ope...
#cyberf="/hashtag/Cyber" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#Cyber #security/hashtag/Security" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#Security #newsef="/hashtag/News" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#News #Threats #cyber #security #cyber #security #news
Origin | Interest | Match
#cyberf="/hashtag/Cyber" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#Cyber #security/hashtag/Security" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#Security #newsef="/hashtag/News" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#News #Threats #cyber #security #cyber #security #news
Origin | Interest | Match
Dissecting the CastleBot Malware-as-a-Service operation
Dissecting the CastleBot Malware-as-a-Service operation
www.ibm.com
August 9, 2025 at 3:24 PM
Dissecting the CastleBot Malware-as-a-Service operation