
Unknown Actors are Deploying RomCom RAT to Target Ukrainian Military

by crpt os


The threat actor behind a remote access trojan called RomCom RAT has been observed targeting Ukrainian military institutions as part of a new spear-phishing campaign that commenced on October 21, 2022.

The development marks a shift in the attacker’s modus operandi, which previously involved spoofing legitimate apps like Advanced IP Scanner and pdfFiller to drop backdoors on compromised systems.

“The initial ‘Advanced IP Scanner’ campaign occurred on July 23, 2022,” the BlackBerry research and intelligence team said. “Once the victim installs a Trojanized bundle, it drops RomCom RAT to the system.”

While previous iterations of the campaign involved trojanized Advanced IP Scanner, the unidentified adversarial collective has since switched to pdfFiller as of October 20, indicating an active attempt on the part of the adversary to refine its tactics and thwart detection.

Both campaigns rely on lookalike websites that host a rogue installer package, which results in the deployment of the RomCom RAT. The trojan is capable of harvesting information and capturing screenshots, all of which is exported to a remote server.

Malicious Versions of Popular Apps

The adversary’s latest activity directed against the Ukrainian military is a departure in that it employs a phishing email with an embedded link as an initial infection vector, leading to a fake website dropping the next stage downloader.


This downloader, signed using a valid digital certificate from “Blythe Consulting sp. z o.o.” for an extra layer of evasion, is then used to extract and run the RomCom RAT malware. BlackBerry said the same signer is used by the legitimate version of pdfFiller.
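A valid signature from the same signer as the legitimate product means signature validity alone cannot separate the rogue downloader from the real pdfFiller. The hunting logic below is an added example (not code from the article or from BlackBerry): it treats "trusted vendor signer, but a hash nobody has vouched for" as the primary signal and uses the delivery chain described above (browser-spawned, sitting in a user download or temp directory) as supporting signals. The signer string is the one named in the article; the sample records, file paths, hashes and the known-good set are constructed for illustration.

```python
"""Hunt for signer reuse: binaries that carry a trusted vendor's Authenticode
signer but are not the vendor's known-good files.

All records below are constructed sample data, not telemetry from the campaign.
"""
from dataclasses import dataclass
import hashlib

# Signer named in the BlackBerry write-up, shared by the rogue downloader and
# the legitimate pdfFiller build.
VENDOR_SIGNER = "Blythe Consulting sp. z o.o."

# Assumption: in practice this set comes from the vendor or a golden image.
# Here it holds the digest of a constructed stand-in for the legitimate file.
KNOWN_GOOD_SHA256 = {hashlib.sha256(b"constructed legit pdfFiller build").hexdigest()}

# Browsers as parent process point at a link-in-email delivery chain.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}

# User-writable staging locations an installer downloaded from a lookalike
# site would normally land in (Windows paths, lower-cased for matching).
STAGING_DIRS = ("\\downloads\\", "\\appdata\\local\\temp\\")


@dataclass(frozen=True)
class SignedBinary:
    """One signed-executable observation, e.g. from an EDR file-signature event."""
    path: str
    signer: str
    sha256: str
    parent_image: str


def is_signer_reuse(rec: SignedBinary,
                    vendor_signer: str = VENDOR_SIGNER,
                    known_good: set = KNOWN_GOOD_SHA256) -> bool:
    """True when the file is signed as the vendor but its hash is not vouched for."""
    if rec.signer.casefold() != vendor_signer.casefold():
        return False  # a different signer is a different question entirely
    return rec.sha256 not in known_good


def score(rec: SignedBinary) -> tuple[int, list[str]]:
    """Rank a record: signer reuse is required, delivery-chain hints add weight."""
    reasons = []
    if not is_signer_reuse(rec):
        return 0, reasons
    reasons.append("vendor signer with unknown hash")
    parent = rec.parent_image.rsplit("\\", 1)[-1].lower()
    if parent in BROWSERS:
        reasons.append(f"spawned by browser {parent}")
    if any(d in rec.path.lower() for d in STAGING_DIRS):
        reasons.append("located in user download/temp directory")
    return len(reasons), reasons


def triage(records: list[SignedBinary]) -> list[tuple[str, int, list[str]]]:
    """Return (path, score, reasons) for every record worth a look, highest first."""
    hits = [(r.path, *score(r)) for r in records]
    return sorted((h for h in hits if h[1] > 0), key=lambda h: -h[1])


# Constructed sample observations.
SAMPLE = [
    SignedBinary(r"C:\Program Files\pdfFiller\pdfFiller.exe", VENDOR_SIGNER,
                 next(iter(KNOWN_GOOD_SHA256)), r"C:\Windows\explorer.exe"),
    SignedBinary(r"C:\Users\alice\Downloads\pdfFiller_Setup.exe", VENDOR_SIGNER,
                 hashlib.sha256(b"constructed rogue downloader").hexdigest(),
                 r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    SignedBinary(r"C:\Windows\System32\notepad.exe", "Microsoft Windows",
                 hashlib.sha256(b"constructed notepad").hexdigest(),
                 r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for path, points, why in triage(SAMPLE):
        print(f"{points} {path}: {'; '.join(why)}")
```

The known-good set is the part that does the real work; without it the rule collapses to "everything signed by this vendor", which would page on every legitimate install. Keep the hash list sourced from the vendor's published builds or from an image you control, not from whatever is already on the fleet.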

Besides the Ukrainian military, other targets of the campaign include IT companies, food brokers, and food manufacturing entities in the U.S., Brazil, and the Philippines.

“This campaign is a good example of the blurred line between cybercrime-motivated threat actors and targeted attack threat actors,” Dmitry Bestuzhev, threat researcher at BlackBerry, told The Hacker News.

“In the past, both groups acted independently, relying on different tooling. Today, targeted attack threat actors rely more on traditional tooling, making attribution harder.”

