The new tool manipulates Windows Registry in unique ways to evade security detections and is likely being used by ransomware groups for initial network access.
https://threatpost.com/darkwatchman-rat-evolution-fileless-malware/177091/
Analysts warn that the attack group, now known as ‘Earth Centaur,’ is honing its attacks to go after transportation and government agencies.
https://threatpost.com/tropic-trooper-transportation/177106/