Ukrainian government agencies

The RomCom cyber threat group, which has links to Russia, has targeted Ukrainian government agencies and Polish entities for espionage and data exfiltration since late 2023. The group deployed SingleCamper, an updated version of the RomCom RAT, along with additional malicious tools such as the RustClaw and MeltingClaw downloaders and two backdoors, DustyHammock and ShadyHammock. This operation expanded RomCom's capabilities for long-term access and surveillance of sensitive information. The compromise of Polish entities suggests a wider scope of influence, raising concerns over regional security. Data exfiltration activity included sending system information to command-and-control servers and executing reconnaissance commands. The group’s activities also opened pathways for potential future ransomware attacks intended to disrupt operations and generate illicit profits.

Source: https://securityaffairs.com/169928/apt/romcom-targeted-ukrainian-government-agencies.html

TPRM report: https://scoringcyber.rankiteo.com/company/state-agency-for-restoration-and-infrastructure-development-of-ukraine

"id": "sta000102324",
"linkid": "state-agency-for-restoration-and-infrastructure-development-of-ukraine",
"type": "Cyber Attack",
"date": "10/2024",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"
{'affected_entities': [{'industry': 'Public Sector',
                        'location': 'Ukraine',
                        'name': 'Ukrainian government agencies',
                        'type': 'Government'},
                       {'location': 'Poland',
                        'name': 'Polish entities',
                        'type': 'Organization'}],
 'attack_vector': ['Malware', 'Backdoors', 'Downloaders'],
 'data_breach': {'data_exfiltration': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Sensitive information, system '
                                             'information'},
 'date_detected': 'Late 2023',
 'description': 'The RomCom cyber threat group, with links to Russia, targeted '
                'Ukrainian government agencies and Polish entities for '
                'espionage and data exfiltration purposes since late 2023. An '
                'updated version of RomCom RAT, SingleCamper, was deployed, '
                'along with additional malicious tools such as RustClaw and '
                'MeltingClaw downloaders, and two backdoors, DustyHammock and '
                "ShadyHammock. This operation expanded RomCom's capabilities "
                'for long-term access and surveillance of sensitive '
                "information. Polish entities' compromise suggests a wider "
                'scope of influence, raising concerns over regional security. '
                'Data exfiltration included sending system information to '
                'command-and-control servers and executing reconnaissance '
                'commands. The group’s activities also opened pathways for '
                'potential future ransomware attacks to disrupt operations and '
                'generate illicit profits.',
 'impact': {'data_compromised': 'Sensitive information, system information'},
 'initial_access_broker': {'backdoors_established': ['DustyHammock',
                                                     'ShadyHammock']},
 'motivation': 'Espionage and Data Exfiltration',
 'threat_actor': 'RomCom',
 'title': 'RomCom Cyber Threat Group: Espionage and Data Exfiltration',
 'type': 'Espionage and Data Exfiltration'}