Malware, Email security, Vulnerability Management
Ukrainian military targeted with RomCom RAT in new spear-phishing campaign
Ukrainian military entities have been targeted since Oct. 21 by a spear-phishing campaign spreading the RomCom remote access trojan, The Hacker News reports.
While the unknown threat actor behind RomCom RAT previously impersonated the Advanced IP Scanner app, the latest campaign involved spoofing the pdfFiller app to spread the trojan malware, according to a BlackBerry report.
Phishing emails sent to the Ukrainian military included an embedded link that redirects to a phony site to facilitate next-stage downloader deployment. The downloader was found to have the same signer as the legitimate pdfFiller version. IT firms, food manufacturers, and food brokers based in the U.S., Brazil, and the Philippines were also targeted by the campaign.
"This campaign is a good example of the blurred line between cybercrime-motivated threat actors and targeted attack threat actors. In the past, both groups acted independently, relying on different tooling. Today, targeted attack threat actors rely more on traditional tooling, making attribution harder," said BlackBerry researcher Dmitry Bestuzhev.