Malware, Email security, Vulnerability Management

Ukrainian military targeted with RomCom RAT in new spear-phishing campaign

Share

Ukrainian military entities are being targeted by a spear-phishing campaign spreading the RomCom remote access trojan since Oct. 21, The Hacker News reports. While the unknown threat actor behind RomCom RAT previously impersonated the Advanced IP Scanner app, the latest campaign involved spoofing the pdfFiller app to spread the trojan malware, according to a BlackBerry report. Phishing emails sent to the Ukrainian military included an embedded link, which redirects to a phony site to facilitate next-stage downloader deployment. Such a downloader was found to have the same signer as the legitimate pdfFiller version. U.S.-, Brazil-, and Philippines-based IT firms, food manufacturers, and food brokers were also targeted by the campaign. "This campaign is a good example of the blurred line between cybercrime-motivated threat actors and targeted attack threat actors. In the past, both groups acted independently, relying on different tooling. Today, targeted attack threat actors rely more on traditional tooling, making attribution harder," said BlackBerry researcher Dmitry Bestuzhev.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.