Proofpoint Warns TA4922 Deploys Atlas RAT and Multiple Malware Loaders
ID: 16d11fe6-a2b4-5209-8e26-4ca587c81a73
STIX ID: report--16d11fe6-a2b4-5209-8e26-4ca587c81a73
Feed Name: Cyber Press
TA4922 is a financially motivated, Chinese-speaking cybercriminal group conducting targeted social-engineering campaigns against organizations in Japan, Taiwan, Germany, and the UK. Its toolkit includes advanced loaders and backdoors (Atlas RAT, RomulusLoader, SilentRunLoader and modified Winos4.0/ValleyRAT variants). The group also uses DLL sideloading, anti-sandbox and memory-resident shellcode techniques, and abuses legitimate RMM tools. The report includes observed IOCs and mitigation recommendations.
