Hacker Group TA585 Emerges With Advanced Attack Infrastructure
A newly identified cybercrime group, TA585, has been uncovered by cybersecurity researchers for running one of the most autonomous and technically advanced operations in today’s threat landscape.
TA585 controls its own infrastructure, phishing operations, and malware deployment, unlike many groups that rent access or outsource delivery. Discovered by the Proofpoint team, TA585 is a key distributor of MonsterV2, a premium malware family first advertised on underground forums in February 2025.
- MonsterV2 is marketed as a remote access Trojan (RAT), stealer, and loader.
- It gives criminals the ability to steal data, monitor victims, and install additional payloads.
- The malware avoids systems located in Commonwealth of Independent States (CIS) countries.
- MonsterV2 is sold on a subscription basis.
TA585 is running an advanced cyber operation distributing MonsterV2 malware
Author's summary: TA585 uncovered as advanced cybercrime group.