UNC2596

Threat Actor updated 5 months ago (2024-05-05T00:17:44.266Z)
UNC2596, also tracked as Void Rabisu, Tropical Scorpius, and Storm-0978, is a hybrid threat actor that conducts both financially motivated and espionage operations. The group has continued to refine its tradecraft, using backdoor attacks that have targeted attendees of high-profile events, including the Munich Security Conference and the Masters of Digital conference. Trend Micro has been tracking the actor, which is also believed to be associated with Cuba ransomware.

In October 2023, Trend Micro reported a series of targeted attacks by UNC2596 against female political leaders who had participated in the Women Political Leaders Summit held in June. These attacks used an updated and slimmed-down variant of the RomCom remote access trojan (RAT), dubbed PEAPOD. The variant has been observed only in UNC2596 activity, which points to a continuing evolution of the group's capabilities and strategies. Attribution to UNC2596 rests on a combination of tactics, techniques, and procedures (TTPs), code similarity, and shared attack infrastructure.

The group's focus on women leaders within the European Union's military and political circles is a notable shift in its targeting. Organizations and individuals in those circles, and anyone attending similar events, should remain vigilant and maintain robust defenses against this actor.
Description last updated: 2024-05-04T23:49:02.902Z
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions differ between vendors, so the following are possible overlapping names and profiles worth reviewing alongside this one. Each entry carries the number of community votes supporting the alias.
Tropical Scorpius (4 votes)
Tropical Scorpius is a possible alias for UNC2596. Tropical Scorpius is a threat actor, first identified in late 2020, associated with the Cuba ransomware gang. The group has been linked to multiple cybercriminal activities, including disrupting operations, stealing personal information, and holding data hostage for ransom. The ma

Void Rabisu (3 votes)
Void Rabisu is a possible alias for UNC2596. Void Rabisu, also known as Storm-0978, UNC2596, and Tropical Scorpius, is a threat actor notable for its use of the ROMCOM backdoor. The group has been involved in numerous attacks, including those targeting attendees of the Women Political Leaders Summit (WPL Summit) in 2023. In

RomCom (2 votes)
RomCom is a possible alias for UNC2596. The RomCom malware, active since 2022, is an ongoing cyber threat. This Remote Access Trojan (RAT) is known for a range of harmful activities, including ransomware attacks, extortion, and targeted credential gathering, primarily aimed at supporting intelligence-gat