Security News

Cybersecurity news aggregator

MEDIUM Attacks Proofpoint

TA584 threat actor leverages Tsundere Bot and XWorm for network access

  • What: The TA584 threat actor is using Tsundere Bot and XWorm to gain network access, potentially leading to ransomware attacks.
  • Impact: Organizations are at risk of initial access and potential ransomware deployment.

Threat Intelligence, Network Security, Malware

January 29, 2026, by SC Staff

A prolific initial access broker, identified as TA584, has been observed employing the Tsundere Bot in conjunction with the XWorm remote access trojan. This combination facilitates network access, potentially paving the way for ransomware attacks. Proofpoint researchers have been monitoring TA584's activities since 2020 and have noted a significant escalation in its operations, introducing a sophisticated attack chain designed to bypass traditional security measures, with further coverage provided by Bleeping Computer.

TA584's current attack chain begins with emails sent from compromised accounts via SendGrid and Amazon SES. These emails contain unique URLs, geofencing, and IP filtering, often utilizing redirect chains through traffic direction systems like Keitaro. Victims who bypass these initial filters encounter a CAPTCHA, followed by a ClickFix page instructing them to execute a PowerShell command. This command loads either XWorm or Tsundere Bot into memory. Tsundere Bot, a malware-as-a-service platform, gathers system information, can execute arbitrary code, and uses the Ethereum blockchain to retrieve its command-and-control address. TA584 has a history of using various payloads, including Ursnif and Cobalt Strike.

The increased volume and expanded geographic targeting by TA584, including new European countries and Australia, highlight a growing threat. The use of Tsundere Bot and XWorm, coupled with advanced evasion techniques, suggests a persistent effort to gain initial access for further malicious activities, likely including ransomware deployment.

Source: Bleeping Computer
