Ukrainian and Polish entities targeted with RomCom malware variants

· Published 17/10/2024 16:16 · Modified 18/10/2024 08:50

Essential information

Published
17/10/2024 16:16
Modified
18/10/2024 08:50
Tags
2024-10-17 dustyhammock meltingclaw poland romcom russia rustclaw rustyclaw shadyhammock singlecamper ukraine
Related entities
1 intrusion sets (apt), 9 techniques (mitre), 6 malware, 3 others

Description

A Russian-speaking threat group, UAT-5647, has been conducting attacks against Ukrainian government entities and Polish targets since late 2023. The group has evolved its toolset to include four distinct malware families: and downloaders, backdoor, and backdoor. The attacks involve spear-phishing campaigns delivering these malware components, which ultimately lead to the deployment of an updated version of the malware called . UAT-5647's activities suggest a focus on establishing long-term access for data exfiltration, with potential for future ransomware deployment. The group's tactics include network reconnaissance, lateral movement, and attempts to compromise edge devices for evasion purposes.

External references