The RomCom cyber threat group, which has links to Russia, has targeted Ukrainian government agencies and Polish entities for espionage and data exfiltration since late 2023. The group deployed SingleCamper, an updated version of the RomCom RAT, along with additional malicious tools: the RustClaw and MeltingClaw downloaders and two backdoors, DustyHammock and ShadyHammock. This operation expanded RomCom's capabilities for long-term access and surveillance of sensitive information. The compromise of Polish entities suggests a wider scope of influence, raising concerns over regional security. Data exfiltration included sending system information to command-and-control servers and executing reconnaissance commands. The group’s activities also opened pathways for potential future ransomware attacks to disrupt operations and generate illicit profits.
Source: https://securityaffairs.com/169928/apt/romcom-targeted-ukrainian-government-agencies.html
"id": "sta000102324",
"linkid": "state-agency-for-restoration-and-infrastructure-development-of-ukraine",
"type": "Cyber Attack",
"date": "10/2024",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"