DISCARDED: Tales From the Threat Research Trenches

10 Things I Hate About Attribution: A Clustering Conundrum



Hello to all our cyber detectives and pedantic CTI friends! In this episode of Discarded, host Selena Larson is joined by Greg Lesnewich, Staff Threat Researcher at Proofpoint for a behind-the-scenes look at one of the most frustratingly fascinating attribution cases yet.

What begins as a lighthearted rant, “10 Things I Hate About Attribution,” quickly turns into a deep dive into the murky overlap between TA829 (aka RomCom), TA289, and the elusive GreenSec cluster. From TransferLoader and malware panels to REM proxy infrastructure and attack-chain similarities, Greg and Selena dissect the breadcrumb trail that led to a 25-page blog, a mountain of malware chains (Dusty Hammock? Single Camper?), and an attribution headache.


Topics Include:

  • TA829 (aka RomCom) and the elusive GreenSec cluster: What’s the difference?
  • Vertical targeting overlap (and divergence)
  • Malware breakdown: TransferLoader vs. RomCom and related malware
  • Use of REM proxy and rebrand.ly infrastructure
  • Attribution logic and the perils of shared tooling
  • Bonus: Existential mysteries and karaoke mic commentary


The attribution game isn’t always about getting it right—it’s about asking better questions. Join us in the mess, and keep connecting the dots.


For more information about Proofpoint, check out our website.


Subscribe & Follow:

Stay ahead of emerging threats, and subscribe! Happy hunting!


DISCARDED: Tales From the Threat Research Trenches, by Proofpoint
