The Russian-speaking threat actor group known as UAT-5647, also known as RomCom, has been observed targeting Ukrainian government entities and unknown Polish entities since late 2023. The group has expanded its arsenal to include four distinct malware families: RustClaw and MeltingClaw (downloaders), DustyHammock (RUST-based backdoor), and ShadyHammock (C++-based backdoor). UAT-5647’s attacks are likely a two-pronged strategy of establishing long-term access for espionage and potentially pivoting to ransomware deployment to disrupt and gain financially from the compromise.
A new malware campaign has been discovered using the DarkVision RAT. This campaign leverages the PureCrypter loader to deliver the RAT, which possesses various capabilities such as keylogging, remote access, and password theft. The campaign demonstrates the sophistication of cyberattacks and the need for robust security measures to detect and prevent such threats. The use of advanced techniques like RAT and crypters underscores the evolving nature of cybercrime.