GrayBravo's CastleLoader ecosystem includes four clusters; TAG-160 impersonates logistics and abuses freight-matching platforms with ClickFix, TAG-161 impersonates Booking.com delivering CastleLoader and Matanbuchus. #GrayBravo #CastleLoader #ClickFix https://bit.ly/4p49yc0

Cybersecurity alert: GrayBravo's CastleLoader is fueling four distinct threat clusters, targeting sectors with advanced malware tactics. Stay informed and secure. #CyberSecurity #Malware #GrayBravo Link: thedailytechfeed.com/castleloader...

Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure shellcode stager/downloader read more about Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure

Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure reconbee.com/four-threat-...

#malware #malwareattack #GrayBravo #castleloader #cyberattack #cybersecurity

GrayBravo Expands CastleLoader Malware Operations with Distinct Activity Clusters, Impersonates ‘Booking’ and ‘DAT Freight’ Researchers identify four new GrayBravo CastleLoader activity clusters targeting logistics and hospitality sectors, signaling a growing MaaS ecosystem.

Full analysis:
www.technadu.com/graybravo-ex...

#GrayBravo #CastleLoader #CyberSecurity #ThreatIntel #Malware #MaaS #Phishing #ClickFix #InfoSec

GrayBravo is scaling CastleLoader malware through four activity clusters - impersonating Booking. com and DAT Freight, deploying ClickFix phishing, and delivering payloads via signed MSI installers and MaaS infrastructure.

#GrayBravo #CastleLoader #Malware #ThreatIntel #CyberSecurity #Phishing

GrayBravo’s CastleLoader Activity Clusters Target Multiple Industries

1/ @whoisnt.bsky.social, Marius, and I just published a report on #GrayBravo (formerly TAG-150), a highly adaptive, sophisticated threat actor that we first identified in Sept 2025. It uses a multi-layered infrastructure and responds quickly to exposure: www.recordedfuture.com/research/gra...