FlagThis

CyberSecurity updates
Updated: 2024-11-25 05:31:56 Pacfic
MalBot @ Malware Analysis, News and Indicators
UAT-5647 Targets Ukrainian and Polish Entities with RomCom Malware Variants - 6h
Read more: malware.news

A Russian-speaking threat actor, tracked as UAT-5647 (also known as RomCom), has been observed targeting Ukrainian government entities and potentially Polish entities. The group has been utilizing a range of malware variants, including SingleCamper, RustyClaw, MeltingClaw, DustyHammock, and ShadyHammock, to establish long-term access, exfiltrate data, and potentially deploy ransomware. The malware variants demonstrate the group’s sophistication and diversity in their tooling and infrastructure. The targeting of edge devices within compromised networks suggests an escalation of the threat actor’s activity, potentially seeking to evade detection and gain even more control over the victim’s environment. Organizations in Ukraine and Poland should be particularly vigilant against this threat actor and implement robust security measures to protect their systems and data.

References:
  • Malware Analysis, News and Indicators - UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants - 7d
  • Over Security - UAT-5647: RomCom malware variants - 7d
  • cert.gov.ua - This article discusses the threat posed by RomCom to Ukrainian entities. - 7d
  • Unit 42 - This research paper details the various components of the RomCom malware. - 7d
  • The Hacker News - The Hacker News article on RomCom attacks against Ukrainian entities - 7d
  • attack.mitre.org - UAT-5647, a Russian-speaking threat actor group, is targeting Ukrainian and Polish entities with various malware variants - 7d
  • signup.duo.com - UAT-5647, a Russian-speaking threat actor group, is targeting Ukrainian and Polish entities with various malware variants - 7d
  • www.snort.org - UAT-5647, a Russian-speaking threat actor group, is targeting Ukrainian and Polish entities with various malware variants - 7d
  • ciso2ciso.com - This news reports that a new variant of SingleCamper RAT has been used in attacks targeting Ukrainian government entities. - 6d
  • ciso2ciso.com - The Russian-linked RomCom group has been targeting Ukrainian government agencies since late 2023, deploying a new SingleCamper RAT variant. The group uses malicious spear-phishing messages to distribu - 6d
  • Malware Analysis, News and Indicators - This article outlines the RomCom group’s new campaign targeting Ukrainian government agencies and individuals in Poland, detailing the malware variants used. - 6d
  • SCM feed for Threat Management - This brief summarizes the RomCom group’s new campaign, emphasizing the use of spear-phishing and the deployment of the SingleCamper trojan. - 6d
  • @jos1264 - This social media post mentions the RomCom group’s new campaign targeting Ukrainian government agencies and highlights the SingleCamper RAT variant. - 6d
  • @jos1264 - Russia-linked RomCom group targeted Ukrainian government agencies since late 2023 – Source: securityaffairs.com - 6d

Classification:
  • HashTags: malware ukraine cybersecurity
  • Target: Ukrainian government entities and Polish entities
  • Attacker: UAT-5647
  • Type: Malware
  • Severity: Major

This site is an experimental news aggregator using feeds I personally follow. You can reach me at Bluesky if you have feedback or comments.