Novel RomCom RAT variant launched against Ukraine, Poland

Malicious spear-phishing messages have been leveraged by RomCom — also known as Storm-0978, UAC-0180, Void Rabisu, UNC2596, and Tropical Scorpius — to distribute the MeltingClaw or RustyClaw downloaders for the ShadyHammock and DustyHammock backdoors, respectively, with the latter facilitating the delivery of the SingleCamper trojan, according to a report from Cisco Talos. Such intrusions indicate RomCom’s efforts to “establish long-term access and exfiltrate data for as long as possible to support espionage motives, and then potentially pivot to ransomware deployment to disrupt and likely financially gain from the compromise,”

Source: SC Magazine

 

