Four distinct threat activity clusters have been identified using the malware loader CastleLoader, indicating its availability to other threat actors through a malware-as-a-service (MaaS) model. The threat actor associated with CastleLoader has been designated as GrayBravo by Recorded Future’s Insikt Group, which previously tracked it under the name TAG-150. This development reinforces concerns about the growing accessibility of sophisticated malware tools. The emergence of such clusters highlights the evolving landscape of cyber threats.
Loading PerspectiveSplit analysis...
