Russia · Widely attributed · Unknown · MITRE G0048

RTM

RTM is a cybercriminal group that has been active since at least 2015 and is primarily interested in users of remote banking systems in Russia and neighboring countries. The group uses a Trojan by the same name (RTM).

Attribution signal

Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score. ≥ 10 High, ≥ 3 Moderate, < 3 Low.
0.1
Low signal strength
Mentions: 1
Sources: 0
High conf.: 0
Last seen: Jun 2026
First observed: 2017-05-31
Last active:
Origin: Russia
Aliases: 1
Techniques: 7
Campaigns: 0

Attribution signals

1 mention · 0 sources
#1 · unspecified · unspecified
Victimology
xforce
Jun 2026

"The Russian-speaking RTM threat group has launched a new campaign against Russian transport and finance organizations."

Hedge terms observed

unspecified