RomCom

Also known as: Storm-0978 · UAT-5647 · RomCom

Origin: RU
Known aliases: 3

Profile

ROMCOM is an evolving and sophisticated threat actor group that has been using the malware tool ROMCOM for espionage and financially motivated attacks. They have targeted organizations in Ukraine and NATO countries, including military personnel, government agencies, and political leaders. The ROMCOM backdoor is capable of stealing sensitive information and deploying other malware, showcasing the group's adaptability and growing sophistication.

Aliases· 3

  • Storm-0978
  • UAT-5647
  • RomCom

Known victims· 1

  • Germany

References

  1. https://blogs.blackberry.com/en/2022/11/romcom-spoofing-solarwinds-keepass
  2. https://blogs.blackberry.com/en/2022/10/unattributed-romcom-threat-actor-spoofing-popular-apps-now-hits-ukrainian-militaries
  3. https://www.trendmicro.com/en_us/research/23/j/void-rabisu-targets-female-leaders-with-new-romcom-variant.html
  4. https://labs.k7computing.com/index.php/romcom-rat-not-your-typical-love-story/
  5. https://blogs.blackberry.com/en/2023/07/decoding-romcom-behaviors-and-opportunities-for-detection
  6. https://www.trendmicro.com/en_us/research/23/e/void-rabisu-s-use-of-romcom-backdoor-shows-a-growing-shift-in-th.html
  7. https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Cyber-Sicherheitslage/Analysen-und-Prognosen/Threat-Intelligence/Aktive_APT-Gruppen/aktive-apt-gruppen_node.html
  8. https://blog.talosintelligence.com/uat-5647-romcom/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • TA829 (Actor)
  • UAC-0118 (Actor)
  • UAC-0050 (Actor)
  • RTM (Actor)
  • GamaCopy (Actor)
  • UNC3524 (Actor)

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.