Malware, Phishing, Threat Intelligence

Novel RomCom RAT variant launched against Ukraine, Poland


Russian threat operation RomCom has deployed attacks with the latest RomCom RAT variant, SingleCamper (also known as RomCom 5.0 and SnipBot), against government agencies in Ukraine and unknown organizations in Poland since late last year, The Hacker News reports.

RomCom (also known as Storm-0978, UAC-0180, Void Rabisu, UNC2596, and Tropical Scorpius) has leveraged malicious spear-phishing messages to distribute the MeltingClaw or RustyClaw downloaders for the ShadyHammock and DustyHammock backdoors, respectively, with the latter facilitating the delivery of the SingleCamper trojan, according to a report from Cisco Talos. Such intrusions indicate RomCom's efforts to "establish long-term access and exfiltrate data for as long as possible to support espionage motives, and then potentially pivot to ransomware deployment to disrupt and likely financially gain from the compromise," researchers noted. The development comes after Ukraine's Computer Emergency Response Team reported that the UAC-0050 threat operation had leveraged Remcos RAT and other malicious payloads to facilitate data and financial theft activities.
