
Proofpoint Warns TA4922 Deploys Atlas RAT, RomulusLoader, SilentRunLoader, and ValleyRAT

ID: b935ad7d-ab7c-5e09-bdb5-750ce3961540

STIX ID: report--b935ad7d-ab7c-5e09-bdb5-750ce3961540

Feed Name: cybersecurityNews.com

Threat Score: 78/100

Date Published: 2026-06-04

Date Updated: 2026-06-04

Author: Tushar Subhra Dutta


TA4922 is a financially motivated, globally active cybercrime group that conducts targeted email-based campaigns delivering multiple malware families (Atlas RAT, RomulusLoader, SilentRunLoader, ValleyRAT) to steal credentials, maintain persistent access, and enable fraud. The report documents campaign timelines and techniques (DLL sideloading, use of legitimate remote tools, anti-sandbox checks), provides IoCs (IPs, domains, URLs, SHA256 hashes, filenames), and recommends mitigations such as application allowlisting, monitoring execution from temporary folders, and least-privilege controls.
