
RomCom

aka: Storm-0978, UAT-5647

ROMCOM is an evolving and sophisticated threat actor group that has been using the malware tool ROMCOM for espionage and financially motivated attacks. They have targeted organizations in Ukraine and NATO countries, including military personnel, government agencies, and political leaders. The ROMCOM backdoor is capable of stealing sensitive information and deploying other malware, showcasing the group's adaptability and growing sophistication.


Associated Families

There are currently no families associated with this actor.


References
2024-10-17 | Cisco Talos | Asheer Malhotra, Dmytro Korzhevin, Vanja Svajcer, Vitor Ventura
UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants
MeltingClaw ROMCOM RAT ShadyHammock RomCom
2023-09-08 | K7 Security | Sudeep Waingankar
RomCom RAT: Not Your Typical Love Story
ROMCOM RAT RomCom
2023-05-30 | Trend Micro | Feike Hacquebord, Fernando Mercês, Lord Alfred Remorin, Stephen Hilt
Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals
ROMCOM RAT RomCom
2022-11-02 | Blackberry | Blackberry Research
RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom
ROMCOM RAT RomCom
2022-10-23 | Blackberry | The BlackBerry Research & Intelligence Team
Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries
ROMCOM RAT RomCom

Credits: MISP Project