| SYMBOL | COMMON_NAME | aka. SYNONYMS |
ROMCOM is an evolving and sophisticated threat actor group that has been using the malware tool ROMCOM for espionage and financially motivated attacks. They have targeted organizations in Ukraine and NATO countries, including military personnel, government agencies, and political leaders. The ROMCOM backdoor is capable of stealing sensitive information and deploying other malware, showcasing the group's adaptability and growing sophistication.
There are currently no families associated with this actor.
| 2024-10-17
⋅
Cisco Talos
⋅
UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants MeltingClaw ROMCOM RAT ShadyHammock RomCom |
| 2023-09-08
⋅
K7 Security
⋅
RomCom RAT: Not Your Typical Love Story ROMCOM RAT RomCom |
| 2023-05-30
⋅
Trend Micro
⋅
Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals ROMCOM RAT RomCom |
| 2022-11-02
⋅
Blackberry
⋅
RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom ROMCOM RAT RomCom |
| 2022-10-23
⋅
Blackberry
⋅
Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries ROMCOM RAT RomCom |