TA584 is one of the most prominent #cybercriminal threat actors tracked by Proofpoint threat researchers. In a new blog, the team shared a detailed analysis of the threat actor, its campaigns, attack chains, targeting, payloads, and shared defensive recommendations.

Blog: https://www.proofpoint.com/us/blog/threat-insight/cant-stop-wont-stop-ta584-innovates-initial-access

Our researchers have tracked #TA584 since 2020. In 2025, they observed shifts to TA584’s tactics, techniques and procedures (TTPs). Notably, it expanded global targeting; adopted ClickFix social engineering; and delivered new malware, Tsundere Bot.

⚠️ Such activity shows that static detections alone are not reliable against constantly evolving threat actors.

Explore the blog for more details along with protection tips, Emerging Threats Rules and IOCs.