CyberSecurity updates
Updated: 2024-11-25 08:31:56 Pacific

MalBot @ Malware Analysis, News and Indicators
UAT-5647 Targets Ukrainian and Polish Entities with RomCom Malware Variants - 8h

A Russian-speaking threat actor, tracked as UAT-5647 (also known as RomCom), has been observed targeting Ukrainian government entities and potentially Polish entities. The group has been utilizing a range of malware variants, including SingleCamper, RustyClaw, MeltingClaw, DustyHammock, and ShadyHammock, to establish long-term access, exfiltrate data, and potentially deploy ransomware. The malware variants demonstrate the group’s sophistication and diversity in their tooling and infrastructure. The targeting of edge devices within compromised networks suggests an escalation of the threat actor’s activity, potentially seeking to evade detection and gain even more control over the victim’s environment. Organizations in Ukraine and Poland should be particularly vigilant against this threat actor and implement robust security measures to protect their systems and data.


This site is an experimental news aggregator using feeds I personally follow. You can reach me at Bluesky if you have feedback or comments.