Ukraine war blurs lines between cyber-crims and state-sponsored attackers
2023-06-01 05:40

A change in the deployment of the RomCom malware strain has illustrated the blurring distinction between cyberattacks motivated by money and those fueled by geopolitics, in this case Russia's illegal invasion of Ukraine, according to Trend Micro analysts.

The infosec vendor pointed out that RomCom's operator, the threat group Void Rabisu, also has links to the notorious Cuba ransomware and was therefore assumed to be a financially driven criminal organization.

In a report published this week, the researchers wrote that Void Rabisu used RomCom against the Ukrainian government and military as well as water, energy, and financial entities in the country.

One campaign inside Ukraine used a fraudulent version of the Ukrainian army's DELTA situational awareness website to lure victims into downloading RomCom through improperly patched browsers.

With the combination of RomCom targets seen by Trend Micro, the Ukrainian Computer Emergency Response Team, and Google, "a clear picture emerges of the RomCom backdoor's targets: select Ukrainian targets and allies of Ukraine," the researchers wrote.

RomCom is evolving to include features typical of both cybercrime malware used by financially motivated groups and advanced persistent threat attackers driven by geopolitics, the Trend Micro researchers wrote.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/06/01/ukraine_romcom_malware/