Hacking news

Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure

on December 9, 2025

The Hacker News

Four distinct threat activity clusters have been observed leveraging a malware loader known as CastleLoader, strengthening the previous assessment that the tool is offered to other threat actors under a malware-as-a-service (MaaS) model. The threat actor behind CastleLoader has been assigned the name GrayBravo by Recorded Future's Insikt Group, which was previously tracking it as TAG-150.

More From Author

Hacking news

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

April 3, 2026

The Hacker News

Hacking news

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

April 3, 2026

The Hacker News

Hacking news

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

April 3, 2026

The Hacker News

Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure

More From Author

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

The AI Fix #80: DeepSeek’s cheap GPT-5 rival, Antigravity fails, and why being rude to AI makes it smarter

California man admits role in $263 million cryptocurrency theft that funded lavish lifestyle

Leave a Reply Cancel reply