Unknown Actors are Deploying RomCom RAT to Target Ukrainian Military
2022-10-26 13:37

The threat actor behind a remote access trojan called RomCom RAT has been observed targeting Ukrainian military institutions as part of a new spear-phishing campaign that commenced on October 21, 2022.

"Once the victim installs a Trojanized bundle, it drops RomCom RAT to the system."

This downloader, signed using a valid digital certificate from "Blythe Consulting sp. z o.o." for an extra layer of evasion, is then used to extract and run the RomCom RAT malware.

Besides the Ukrainian military, other targets of the campaign include IT companies, food brokers, and food manufacturing entities in the U.S., Brazil, and the Philippines.

"This campaign is a good example of the blurred line between cybercrime-motivated threat actors and targeted attack threat actors," Dmitry Bestuzhev, threat researcher at BlackBerry, told The Hacker News.

"In the past, both groups acted independently, relying on different tooling. Today, targeted attack threat actors rely more on traditional tooling, making attribution harder."


News URL

https://thehackernews.com/2022/10/romcom-hackers-circulating-malicious.html