CastleLoader Malware Expands Operations Targeting Logistics and Hospitality Sectors

CastleLoader Malware Expands Operations Targeting Logistics and Hospitality Sectors

First seen 11 Dec 2025, 02:49 UTC TechnaduScworld 84% similarity 36.9

Article Content

Browse articles
ThreatCluster

GrayBravo, previously known as TAG-150, has expanded its CastleLoader malware deployment across four distinct threat activity clusters since March 2025. The malware targets industries such as logistics and hospitality, utilizing phishing and ClickFix tactics to compromise organizations, including impersonation of entities like Booking.com and DAT Freight.

ThreatCluster AI

Community

Browse all →