Black & White Path
Feb 15, 2026 · Information Security
How TA584 Leverages Tsundere Bot and XWorm for Ransomware Attacks
The TA584 threat group, acting as a high‑activity initial‑access broker, now employs the Tsundere Bot and XWorm remote‑access trojans in a multi‑stage phishing chain that culminates in ransomware deployment, with Proofpoint noting a two‑fold activity surge and expanded geographic reach in 2025.
C2 infrastructure · TA584 · Tsundere Bot
