Intel Name: 10 Things I Hate About Attribution: RomCom vs. TransferLoader
Date of Scan: July 1, 2025
Impact: High
Summary: RomCom vs. TransferLoader highlights two related cybercriminal operations. TA829 conducts espionage and cybercrime using tools based on the legacy RomCom backdoor. A highly similar campaign, using a new loader and backdoor called TransferLoader, is linked to a separate cluster named UNK_GreenSec. The analysis explores the similarities and differences between these groups and raises questions about their possible connections within the broader criminal and espionage landscape.