Email security, Threat Management, Vulnerability Management
New RomCom spear-phishing attacks set sights on Ukraine’s NATO membership
BleepingComputer reports that organizations supporting Ukraine amid its ongoing war with Russia and other guests in this week's NATO Summit, which will tackle Ukraine's membership in the organization, have been targeted by the RomCom threat operation.
Attackers, who may be part of a rebranded RomCom group or were previously core RomCom members, have leveraged spear-phishing attacks to promote a fraudulent website of the Ukrainian World Congress, which would prompt the download of documents that create an outbound connection, as well as a script exploiting the Follina vulnerability, tracked as CVE-2023-30190, according to a report from BlackBerry's Research & Intelligence Team.
Exploitation of the flaw could enable remote code execution attacks that eventually lead to the deployment of the RomCom backdoor, which has the capability to exfiltrate and deliver compromised computers' usernames, RAM details, and network adapter information back to the attackers' command-and-control server before establishing persistence and later allowing data exfiltration, additional payload delivery, and more, said researchers.