U.S. civil engineering firm (unnamed in the article)

In September 2025 the Russia-linked hacking group RomCom targeted a U.S. civil engineering firm using SocGholish, a JavaScript loader that is a common initial-access tool in both cyber-espionage and ransomware campaigns. The attack followed the firm's involvement in infrastructure projects in a city closely tied to Ukraine, which points to a geopolitical motive.

The article does not specify the consequences of the intrusion. SocGholish itself is typically used to establish a foothold and stage follow-on payloads (credential theft tooling, remote-access malware, or ransomware) that in turn enable data exfiltration. Given the actor (a Russia-linked APT) and the target's sector (civil engineering, plausibly tied to critical infrastructure or government contracts), the likely objectives were intellectual-property theft, espionage, or disruption. A successful compromise could have exposed sensitive project data, financial records, or proprietary engineering designs, any of which could support further cyber or physical operations.

The absence of public disclosure about data leaks or operational disruption suggests either early detection of the intrusion or limited immediate impact. The longer-term risks, including use of the firm's access for supply-chain attacks on its clients and a later ransomware deployment, remain significant.

Source: https://www.scworld.com/brief/massive-stolen-browser-cookie-economy-uncovered

TPRM report: https://www.rankiteo.com/company/gis-engineering-llc-coastal-design-infrastructure-division

"id": "gis18104118112725",
"linkid": "gis-engineering-llc-coastal-design-infrastructure-division",
"type": "Cyber Attack",
"date": "5/2025",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'industry': 'civil engineering',
                        'location': 'United States',
                        'type': 'private company'}],
 'attack_vector': ['malware (SocGholish)', 'targeted hacking operation'],
 'date_detected': '2025-09',
 'date_publicly_disclosed': '2025-11-26',
 'description': 'Russia-linked hacking operation RomCom targeted a U.S. civil '
                'engineering firm with SocGholish malware in September 2025, '
                "following the firm's work in a city closely tied to Ukraine.",
 'impact': {'brand_reputation_impact': ['potential reputational damage due to '
                                        'association with geopolitical '
                                        'targeting']},
 'initial_access_broker': {'high_value_targets': ['potential geopolitical or '
                                                  'project-related data']},
 'investigation_status': ['publicly disclosed', 'ongoing (assumed)'],
 'motivation': ['geopolitical', 'retaliation for work in Ukraine-tied city'],
 'references': [{'date_accessed': '2025-11-26',
                 'source': 'Cybersecurity Dive'}],
 'threat_actor': ['RomCom (Russia-linked hacking group)'],
 'title': 'RomCom Hacking Group Targets U.S. Civil Engineering Firm with '
          'SocGholish Malware',
 'type': ['cyberattack', 'malware attack']}