The RomCom Remote Access Trojan (RAT) is malware that has kept evolving and continues to pose a significant threat. RomCom 5.0 is built on the RomCom 3.0 version and incorporates techniques seen in RomCom 4.0. It typically reaches systems through malicious downloads, e-mail attachments, or websites, usually without the user noticing. Once inside a system, it can steal personal information, disrupt operations, or even hold data hostage for ransom.
In the past year, activity involving the RomCom RAT has increased, particularly by the Cuba ransomware actors. Reports suggest a possible connection between these actors, the RomCom RAT operators, and the Industrial Spy ransomware actors. This alliance has expanded their Tactics, Techniques, and Procedures (TTPs), producing more sophisticated threats. Notably, cybersecurity experts also believe there is a relationship between the Cuba group and the RomCom RAT operators.
In a notable incident on October 16, 2023, a threat group extended its reach from financially motivated attacks into cyber-espionage, targeting attendees of a gender equality conference with a pared-down version of the RomCom RAT. The threat actor likely used spear-phishing to distribute one of the malicious documents, which embedded an RTF file and OLE objects to start an infection chain designed to harvest system information and deliver the RomCom RAT. This event underscores the increasing sophistication and broadening scope of cyber threats.
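The document-based delivery described above (an RTF file carrying OLE objects) is something a defender can triage before the document is ever opened. The script below is an added example written for this page; it is not code from the original description or from any RomCom report. It walks an RTF file for `\objdata` hex runs, decodes them, and reports whether each embedded object carries an OLE compound-file container, which `\objclass` names appear, and whether `\objupdate` is present. The scoring rules (an embedded object means "review"; an object with `\objupdate` or a `Package` class means "suspicious") are assumed triage heuristics, not thresholds taken from the page, and the sample documents are constructed inline for the demonstration.

```python
import re
from typing import Dict

# Magic bytes of an OLE2 Compound File Binary (CFB) header. Objects embedded
# via \objdata are usually stored in this container format.
CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")

# \objdata is followed by the object payload as hex text. RTF permits
# whitespace and line breaks inside the run, so the pattern tolerates them.
OBJDATA_RE = re.compile(rb"\\objdata\b\s*([0-9A-Fa-f\s]*)")
OBJCLASS_RE = re.compile(rb"\\objclass\b\s*([^\\{}\s]+)")


def _decode_hex_run(run: bytes) -> bytes:
    """Strip whitespace from an RTF hex run and decode it (odd trailing nibble dropped)."""
    cleaned = re.sub(rb"\s+", b"", run)
    if len(cleaned) % 2:
        cleaned = cleaned[:-1]
    return bytes.fromhex(cleaned.decode("ascii")) if cleaned else b""


def scan_rtf(data: bytes) -> Dict:
    """Heuristic triage of an RTF document for embedded OLE objects.

    Returns a dict with:
      is_rtf     - header starts with '{\\rt' (covers '{\\rtf1' and truncated variants)
      objects    - one entry per \\objdata run: decoded size, CFB container present?
      classes    - values of \\objclass control words (e.g. 'Package', 'Word.Document.8')
      objupdate  - True if \\objupdate is present (object is refreshed when the file opens)
      verdict    - 'clean', 'review' or 'suspicious' (assumed heuristic thresholds)
    """
    result = {
        "is_rtf": data.lstrip().startswith(b"{\\rt"),
        "objects": [],
        "classes": [c.decode("ascii", "replace") for c in OBJCLASS_RE.findall(data)],
        "objupdate": b"\\objupdate" in data,
        "verdict": "clean",
    }
    for m in OBJDATA_RE.finditer(data):
        payload = _decode_hex_run(m.group(1))
        result["objects"].append({
            "size": len(payload),
            "cfb_container": CFB_MAGIC in payload,
        })
    if result["objects"]:
        result["verdict"] = "review"
        # Assumed rule: an object that auto-updates on open, or an Ole10Native
        # 'Package' (arbitrary file drop), is the shape of a document loader.
        if result["objupdate"] or "Package" in result["classes"]:
            result["verdict"] = "suspicious"
    return result


def build_sample(objupdate: bool, objclass: bytes = b"Package") -> bytes:
    """Construct a minimal RTF with one embedded object (constructed test input, not a real sample)."""
    fake_payload = CFB_MAGIC + b"\x00" * 8          # hypothetical object bytes
    hexrun = fake_payload.hex().encode("ascii")
    # Split the hex across lines, as real (and obfuscated) documents do.
    hexrun = b"\n".join(hexrun[i:i + 16] for i in range(0, len(hexrun), 16))
    update = b"\\objupdate" if objupdate else b""
    return (b"{\\rtf1\\ansi{\\object\\objemb" + update +
            b"{\\*\\objclass " + objclass + b"}{\\*\\objdata " + hexrun + b"}}}")


SAMPLE_BENIGN = b"{\\rtf1\\ansi Hello from a plain document}"   # constructed
SAMPLE_SUSPICIOUS = build_sample(objupdate=True)                # constructed

if __name__ == "__main__":
    for name, doc in (("benign", SAMPLE_BENIGN), ("suspicious", SAMPLE_SUSPICIOUS)):
        print(name, scan_rtf(doc))
```

Run it against a directory of inbound attachments and route anything other than `clean` to a sandbox or analyst queue; the decoded object sizes also give a quick signal when a tiny document carries an oversized payload.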
Description last updated: 2024-09-24T14:16:03.921Z