"RomCom RAT Targeting NATO and Ukraine Support Groups"

The threat actors responsible for the RomCom Remote Access Trojan (RAT) are suspected of launching phishing attacks against the NATO summit in Vilnius and a known organization supporting Ukraine abroad. The BlackBerry Threat Research and Intelligence team discovered two malicious documents submitted on July 4, 2023, from a Hungarian IP address. RomCom, also known as Tropical Scorpius, UNC2596, and Void Rabisu, was recently observed launching cyberattacks against Ukrainian politicians working closely with Western nations and a US healthcare organization aiding refugees fleeing the war-torn nation. The group has used spear-phishing emails to direct victims to cloned websites harboring trojanized versions of popular software as part of geopolitically motivated attack chains. Militaries, food supply chains, and Information Technology (IT) companies have been targeted. This article continues to discuss the threat actors behind the RomCom RAT targeting NATO and Ukraine support groups.

THN reports "RomCom RAT Targeting NATO and Ukraine Support Groups"