Romcom Remote Access Trojan

Malware updated 4 months ago (2024-05-04T19:08:36.564Z)
Download STIX
Preview STIX
The RomCom Remote Access Trojan (RAT) is a type of malware that has gained significant attention in the cybersecurity landscape this year. This malicious software, designed to exploit and damage computer systems, can infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. Recent developments have seen the RomCom RAT being utilized in more sophisticated ways, particularly by certain hacker groups. Throughout this year, Cuba ransomware actors, known for their harmful activities, have expanded their Tactics, Techniques, and Procedures (TTPs). Notably, third-party and open-source reports have identified a possible link between these Cuba ransomware actors, RomCom RAT actors, and Industrial Spy ransomware actors. Cybersecurity experts also suggest a relationship between the Cuba group and RomCom RAT operators. This indicates an increasing trend of collaboration among different cybercriminal groups, potentially leading to more advanced and devastating attacks. On October 16, 2023, a hacker group known for its financially motivated attacks took a step further into cyber-espionage. They targeted attendees of a gender equality conference with a pared-down version of the RomCom RAT. The threat actor likely used spear-phishing to distribute a malicious document, embedding an RTF file and OLE objects to initiate an infection chain. This was intended to harvest system information and deliver the RomCom RAT, marking a significant escalation in the use of this malware from purely financial motives to broader espionage objectives.
Description last updated: 2023-11-29T04:49:57.763Z
What's your take? (Question 1 of 2)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
RomCom
2
RomCom is a type of malware, specifically a Remote Access Trojan (RAT), that has been linked to several cyber-attacks across Europe and North America. It was first identified in spring 2022, when third-party and open-source reports highlighted a potential connection between Cuba ransomware actors, R
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Rat
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
IDTypeVotesProfile Description
CubaUnspecified
2
The Cuba ransomware, a malicious software active since 2019, has been linked to a series of escalating attacks on US entities and European leaders. The criminal group behind the malware, known by various aliases such as Void Rabisu, UNC2596, Tropical Scorpius, and Storm-0978, has recently targeted w
Source Document References
Information about the Romcom Remote Access Trojan Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CISA
2 years ago
#StopRansomware: Cuba Ransomware | CISA
CERT-EU
a year ago
RomCom Malware Group Targets EU Gender Equality Summit
CERT-EU
a year ago
RomCom Malware Group Targets EU Gender Equality Summit
CERT-EU
a year ago
Cuba Ransomware Group Exploiting Veeam Flaw in Latest Campaign
CERT-EU
a year ago
Russia-Linked RomCom Hackers Targeting NATO Summit Guests
CISA
2 years ago
#StopRansomware: Cuba Ransomware | CISA