The Ukrainian authorities have posted information warning of a new ransomware campaign against organizations in the war-torn country.
In a brief alert, the Ukrainian CERT explained it had detected phishing emails spoofed to appear as if sent from the “Press Service of the General Staff of the Armed Forces of Ukraine.”
If recipients fall for the scam and click on the link contained in the email, they are taken to a web page and urged to download a new version of PDF Reader. Doing so launches a malicious executable, CERT-UA warned.
“Running the stated file will, as a result, decode and run the ‘rmtpak.dll’ file. The latter is classified as RomCom malware,” it explained.
RomCom was first uncovered by Palo Alto Networks back in August.
It linked the remote access Trojan (RAT) to a new Cuba ransomware affiliate dubbed “Tropical Scorpius,” noting that the malware allows threat actors to perform a range of post-intrusion functions such as data exfiltration.
The affiliate appears to have been a key driver of Cuba ransomware infections, accounting for approximately half of the victims listed on the group’s leak site between 2019 and summer 2022.
“As of July 2022, Tropical Scorpius has used Cuba ransomware to impact 27 additional organizations across multiple sectors, such as professional and legal services, state and local government, manufacturing, transportation and logistics, wholesale and retail, real estate, financial services, healthcare, high technology, utilities and energy, construction, and education,” Palo Alto said at the time.
That would seem to suggest that the recent campaign in Ukraine is mainly financially motivated, rather than coordinated with Russian state goals in mind.
“Considering the use of the RomCom backdoor, as well as other features of the associated files, we believe it is possible to associate the detected activity with the activity of the group Tropical Scorpius aka UNC2596, which is responsible for the distribution of Cuba ransomware,” CERT-UA confirmed.
A Cuba ransomware attack on the tiny Balkan nation of Montenegro at the end of August was initially blamed by its government on the Kremlin. However, the NATO member subsequently appeared to row back from those claims.
Some parts of this article are sourced from:
www.infosecurity-magazine.com