The threat actor tracked as Void Rabisu has deployed a new backdoor called RomCom. According to security researchers at Trend Micro, the novel tool sheds light on the group's evolving objectives and marks a significant shift in tactics.
“Void Rabisu was considered to be financially motivated, even though its associated Cuba ransomware allegedly attacked the parliament of Montenegro in August 2022, which could be thought of as part of a geopolitical agenda,” reads an advisory published on Tuesday.
“The motives of Void Rabisu seem to have changed since at least October 2022 […]. In a campaign in December 2022, a fake version of the Ukrainian army's Delta situational awareness website was used to lure targets into installing the RomCom backdoor.”
Based on these attacks, the security researchers theorized that Void Rabisu's adoption of the RomCom backdoor may indicate a desire to diversify its activities.
While the group's previous operations were focused on data exfiltration and intelligence collection, the use of this new tool suggests an interest in sabotage, disruption or even financial gain.
“Even though we cannot confirm coordination between the different attacks, Ukraine and countries that support Ukraine are being targeted by multiple actors, including APT actors, hacktivists, cyber mercenaries and cybercriminals like Void Rabisu,” reads the advisory.
The RomCom backdoor reportedly evades conventional security controls. Delivered through lures such as the spoofed Delta website described above, it gives the operators unauthorized access to the compromised system, which they can then use as a foothold for a range of follow-on activities.
“The line is blurring between cybercrime driven by financial gain and APT attacks motivated by geopolitics, espionage, disruption and warfare. Since the rise of Ransomware-as-a-Service (RaaS), cybercriminals are now employing sophisticated tactics and targeted attacks that were previously thought to be the domain of APT actors,” wrote Trend Micro.
“Inversely, tactics and techniques that were previously used by financially motivated actors are increasingly being used in attacks with geopolitical aims.”
Some parts of this article are sourced from:
www.infosecurity-journal.com