APT / THREAT GROUP
RTM
4 aliases
Last seen: Mar 17, 2026
Intelligence Profile
[RTM](https://attack.mitre.org/groups/G0048) is a cybercriminal group that has been active since at least 2015 and is primarily interested in users of remote banking systems in Russia and neighboring countries. The group uses a Trojan by the same name ([RTM](https://attack.mitre.org/software/S0148)). (Citation: ESET RTM Feb 2017)
Threat Analysis
RTM is a threat actor of undetermined national origin, with its sophistication listed as "known" and its primary motivation and activity patterns listed as unknown.
Intelligence Reports Mentioning RTM
19-Year-Old Scattered Spider Suspect Extradited to Face U.S. Hacking Charges
The Hacker News · Jul 1, 2026
DHS confirms hackers breached HSIN info-sharing platform
BleepingComputer · Jul 1, 2026
Anthropic Restores Claude Fable 5 After U.S. Lifts Jailbreak-Linked Export Controls
The Hacker News · Jul 1, 2026
Anthropic to restore Claude Fable access on Wednesday
BleepingComputer · Jun 30, 2026
U.S. offers $10 million for hackers targeting WhatsApp, Signal users
BleepingComputer · Jun 29, 2026
US seizes hundreds of FIFA World Cup illegal streaming domains
BleepingComputer · Jun 29, 2026
DoJ Seizes Huione Cloud Account Tied to Cyber Scam Money Laundering
The Hacker News · Jun 24, 2026
Feds seize alleged cyber-scam infrastructure connected to Southeast Asian company
The Record · Jun 23, 2026
Quick Facts
Type: APT / Threat Group
Aliases: 4
Source: Malpedia
Also Known As
RTM, Redaman, G0048, win.rtm
External Intelligence
Malpedia: win.rtm
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.