RomCom Hackers Target NATO Summit

The Russian-linked threat actor RomCom has been targeting entities supporting Ukraine in a recently identified cyber operation. Researchers at Blackberry found two malicious documents submitted from an IP address in Hungary, sent as baits to an organisation supporting Ukraine abroad. The targets include guests of the 2023 NATO Summit, which took place July 11-12.

According to their analysis of the threat actor’s TTPs (tactics, techniques, and procedures), network infrastructure, and code similarity, the threat actor RomCom is behind the campaign. They have named the malware Romcom RAT.

This indicates that the threat actor is using fake documents pretending to attempt to lobby for Ukraine’s NATO accession and the probability of Ukraine becoming a member of the organisation in the future. The NATO Summit discussed the war in Ukraine, Ukraine’s NATO accession, and Sweden’s recently-announced membership.

RomCom created malicious documents and tested their delivery system on June 22. The documents rely on embedded RTF files and OLE objects to collect system information and deliver the RomCom remote access trojan.

Spear-phishing techniques will be used to distribute these documents to supporters of Ukraine. Also known as Void Rabisu and Tropical Scorpius, the hacking group was believed to be financially motivated. Recent shifts in operations and motivation indicate the group is likely working for the Russian government. 

RomCom has attacked targets in Ukraine, as well as European conferences, defense companies, and municipalities helping Ukrainian refugees.

Since at least October 2022, the threat actor’s RomCom backdoor has been used in attacks targeting Ukraine, including users of Ukraine’s Delta situational awareness program and organisations in Ukraine’s energy and water utility sectors.

Blackberry:  Ukraine World CongressBleeping Computer:  HackRead:    Oodaloop:   Security Week

Image: Danzig-Hamburg

You Might Also Read: 

New Russian Malware Targets Ukraine:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Details On How Revolut's Payment System Got Hacked
Chinese Spies Used Forged Validation Tokens To Access Government Emails »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Maureen Data Systems (MDS)

Maureen Data Systems (MDS)

Our mission at Maureen Data Systems is to digitally transform business environments with the use of cloud infrastructure, security and privacy controls, data analytics, and managed services.

Information Security Media Group (ISMG)

Information Security Media Group (ISMG)

Information Security Media Group is the world’s largest media organization devoted solely to information security and risk management.

Intercede

Intercede

Intercede is a cybersecurity company specializing in digital identities, derived credentials and access control, enabling digital trust in a mobile world.

IoTium

IoTium

Secure Cloud Managed Software Defined IoT Networks. IoTium simplifies establishing and managing secure network infrastructure for Industrial IoT.

BlueVoyant

BlueVoyant

BlueVoyant's Cyber Defense Platform is security operations platform that provides real-time threat monitoring for networks, endpoints, and supply chains.

ShadowDragon

ShadowDragon

ShadowDragon develops digital tools that simplify the complexities of modern investigations that involve multiple online environments and technologies.

Bangladesh Association of Software & Information Services (BASIS)

Bangladesh Association of Software & Information Services (BASIS)

BASIS is the national trade body for Software & IT Enabled Service industry of Bangladesh.

Synectics Solutions

Synectics Solutions

Synectics deliver solutions for reducing risk, combating financial crime, and enabling organisations to meet their compliance and regulatory commitments.

Optra Security

Optra Security

Optra Security specializes in information security with a focus on Application Security.

CyberSecurity Non-Profit (CSNP)

CyberSecurity Non-Profit (CSNP)

CyberSecurity Non-Profit (CSNP) is a 501(c)(3) non-profit organization dedicated to promoting cybersecurity awareness and education.

CyberSaint Security

CyberSaint Security

CyberSaint’s CyberStrong Platform empowers organizations to implement automated, intelligent cybersecurity compliance and risk management.

Griffiss Institute (GI)

Griffiss Institute (GI)

GI's primary role is to advocate and facilitate the co-operation of private industry, academia, and the Air Force Research Laboratory in developing solutions to critical cyber security problems.

Netstar

Netstar

Netstar is an IT Support company based in Central London providing fully managed IT Support, Cyber Security and Technology Consulting services.

CrowdSec

CrowdSec

CrowdSec is an open-source & participative IPS able to analyze visitor behavior by parsing logs & provide an adapted response to all kinds of attacks.

International Cyber Threat Task Force (ICTTF)

International Cyber Threat Task Force (ICTTF)

The International Cyber Threat Task Force is a not-for-profit initiative promoting the ecosystem of an International independent non-partisan cyber security community.

Trenton Systems

Trenton Systems

Trenton Systems are committed to providing high-performance computing solutions to customers running mission-critical applications in harsh settings worldwide and across various industries.