{"id":230028,"date":"2026-01-28T21:21:56","date_gmt":"2026-01-29T03:21:56","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/01\/initial-access-hackers-switch-to-tsundere-bot-for-ransomware-attacks"},"modified":"2026-01-28T21:21:56","modified_gmt":"2026-01-29T03:21:56","slug":"initial-access-hackers-switch-to-tsundere-bot-for-ransomware-attacks","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/01\/initial-access-hackers-switch-to-tsundere-bot-for-ransomware-attacks","title":{"rendered":"Initial access hackers switch to Tsundere Bot for ransomware attacks"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/initial-access-hackers-switch-to-tsundere-bot-for-ransomware-attacks.jpg\"><\/a><\/p>\n<p>A prolific initial access broker tracked as TA584 has been observed using the Tsundere Bot alongside the XWorm remote access trojan to gain network access that could lead to ransomware attacks.<\/p>\n<p>Proofpoint researchers have been tracking TA584\u2019s activity since 2020 and say that the threat actor has significantly increased its operations recently, introducing a continuous attack chain that undermines static detection.<\/p>\n<p>Tsundere Bot was <a href=\"https:\/\/securelist.com\/tsundere-node-js-botnet-uses-ethereum-blockchain\/117979\/\" target=\"_blank\" rel=\"nofollow noopener\">first documented by Kaspersky<\/a> last year and attributed to a Russian-speaking operator with links to the 123 Stealer malware.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A prolific initial access broker tracked as TA584 has been observed using the Tsundere Bot alongside the XWorm remote access trojan to gain network access that could lead to ransomware attacks. 
Proofpoint researchers have been tracking TA584\u2019s activity since 2020 and say that the threat actor has significantly increased its operations recently, introducing a continuous attack [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,6],"tags":[],"class_list":["post-230028","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-robotics-ai"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/230028","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=230028"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/230028\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=230028"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=230028"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=230028"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}