RomCom vs. TransferLoader highlights two related cybercriminal operations. TA829 conducts espionage and cybercrime using tools based on the legacy RomCom backdoor. A highly similar campaign, using a new loader and backdoor called TransferLoader, is linked to a separate cluster named UNK_GreenSec....