The Russian-linked threat actor RomCom has targeted Ukrainian government agencies and Polish entities in a sophisticated cyber attack campaign since late 2023. The attacks used spear-phishing to deliver malware, including an updated variant of the RomCom RAT named 'SingleCamper,' as well as new downloaders and backdoors. Tools were executed for initial network reconnaissance and for creating remote tunnels for command and control (C2) communications. The group exfiltrated data, performed system reconnaissance, and maintained long-term access for espionage. There is also potential for ransomware deployment to disrupt operations and generate profit. The impact includes the compromise of government systems and the risk of geopolitical instability due to the nature of the targeted entities.
Source: https://securityaffairs.com/169928/apt/romcom-targeted-ukrainian-government-agencies.html
"id": "def000101824",
"linkid": "defense-security-cooperation-agency",
"type": "Cyber Attack",
"date": "10/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"