Home Security RomCom RAT Focusing on NATO and Ukraine Assist Teams

RomCom RAT Focusing on NATO and Ukraine Assist Teams

by crpt os


Jul 10, 2023THNCyber Threat / Malware

The threat actors behind the RomCom RAT have been suspected of phishing attacks targeting the upcoming NATO Summit in Vilnius as well as an identified organization supporting Ukraine abroad.

The findings come from the BlackBerry Threat Research and Intelligence team, which found two malicious documents submitted from a Hungarian IP address on July 4, 2023.

RomCom, also tracked under the names Tropical Scorpius, UNC2596, and Void Rabisu, was recently observed staging cyber attacks against politicians in Ukraine who are working closely with Western countries and a U.S.-based healthcare organization involved with aiding refugees fleeing the war-torn country.

Attack chains mounted by the group are geopolitically motivated and have employed spear-phishing emails to point victims to cloned websites hosting trojanized versions of popular software. Targets include militaries, food supply chains, and IT companies.

The latest lure documents identified by BlackBerry impersonate Ukrainian World Congress, a legitimate non-profit, (“Overview_of_UWCs_UkraineInNATO_campaign.docx”) and feature a bogus letter declaring support for Ukraine’s inclusion to NATO (“Letter_NATO_Summit_Vilnius_2023_ENG(1).docx”).

“Although we haven’t yet uncovered the initial infection vector, the threat actor likely relied on spear-phishing techniques, engaging their victims to click on a specially crafted replica of the Ukrainian World Congress website,” the Canadian company said in an analysis published last week.

Opening the file triggers a sophisticated execution sequence that entails retrieving intermediate payloads from a remote server, which, in turn, exploits Follina (CVE-2022-30190), a now-patched security flaw affecting Microsoft’s Support Diagnostic Tool (MSDT), to achieve remote code execution.

UPCOMING WEBINAR

🔐 PAM Security – Expert Solutions to Secure Your Sensitive Accounts

This expert-led webinar will equip you with the knowledge and strategies you need to transform your privileged access security strategy.

Reserve Your Spot

The result is the deployment of RomCom RAT, an executable written in C++ that’s designed to collect information about the compromised system and remote commandeer it.

“Based on the nature of the upcoming NATO Summit and the related lure documents sent out by the threat actor, the intended victims are representatives of Ukraine, foreign organizations, and individuals supporting Ukraine,” BlackBerry said.

“Based on the available information, we have medium to high confidence to conclude that this is a RomCom rebranded operation, or that one or more members of the RomCom threat group are behind this new campaign supporting a new threat group.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex