RomCom Weaponized KeePass and SolarWinds Instances to Target Ukraine, Maybe UK

November 3, 2022

The threat actor known as RomCom has been weaponizing trojanized copies of SolarWinds, KeePass and PDF Reader Pro software in a series of new attack campaigns against targets in Ukraine and potentially the United Kingdom.

The discovery comes from the BlackBerry Research & Intelligence Team, which published an advisory on RomCom on Wednesday.

“While Ukraine still appears to be the primary target of this campaign, we believe some English-speaking countries are being targeted as well, including the United Kingdom,” reads the document.


“This is based on the terms of service (TOS) of two of the malicious sites and the SSL certificates of a newly built command-and-control (C2).”

As for the attacks themselves, BlackBerry said RomCom followed a scheme that began with scraping the legitimate HTML code of the vendor to be spoofed and registering a malicious domain resembling the genuine one.

The threat actor then trojanized the legitimate software, uploaded the malicious bundle to the decoy website and sent targeted phishing emails to the victims (in some cases, using additional infection vectors).
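The lookalike-domain step of that chain is one a defender can hunt for before any phishing email arrives. The following script is an added example, not BlackBerry's tooling and not taken from the advisory: it folds newly observed domains to the Latin letters a human would read, then flags those that sit within a small edit distance of a vendor domain, use homoglyph substitutions, or embed the vendor name in a longer label. The vendor domains, the candidate list and the distance threshold are assumptions for illustration; the candidates are constructed, not real indicators.

```python
"""Flag newly observed domains that resemble a software vendor's domain.

Added illustration of the lookalike-domain technique described above.
Vendor domains, candidate domains and the threshold are assumptions.
"""
import unicodedata

# Assumed legitimate vendor domains for the three products named in the article.
LEGIT_DOMAINS = ["keepass.info", "solarwinds.com", "pdfreaderpro.com"]

# Characters commonly swapped for Latin letters in lookalike registrations:
# Cyrillic look-alikes and digits, plus two-character sequences that render
# like a single letter. Both sides of a comparison are folded with this map.
HOMOGLYPHS = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0455": "s", "\u0456": "i", "\u0445": "x",
    "0": "o", "1": "l", "3": "e", "5": "s",
}
SEQUENCE_GLYPHS = {"rn": "m", "vv": "w"}


def normalize_label(label: str) -> str:
    """Fold one host label to the Latin text a reader would perceive."""
    label = label.lower()
    if label.startswith("xn--"):
        # Decode punycode so IDN homoglyph domains are compared as text.
        try:
            label = label.encode("ascii").decode("idna")
        except UnicodeError:
            pass
    # Drop accents: NFKD splits "é" into "e" + combining mark, then strip marks.
    label = "".join(
        ch for ch in unicodedata.normalize("NFKD", label)
        if not unicodedata.combining(ch)
    )
    label = "".join(HOMOGLYPHS.get(ch, ch) for ch in label)
    for seq, rep in SEQUENCE_GLYPHS.items():
        label = label.replace(seq, rep)
    return label


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute) by the standard row-by-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_parts(host: str):
    """Split a host into (second-level label, TLD). Simplified: no public-suffix list."""
    labels = host.strip(".").lower().split(".")
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]


def lookalike_reasons(candidate: str, legit: str, max_distance: int = 2):
    """Return the reasons a candidate resembles the legit domain (empty list if none)."""
    cand_sld, cand_tld = registrable_parts(candidate)
    legit_sld, legit_tld = registrable_parts(legit)
    if (cand_sld, cand_tld) == (legit_sld, legit_tld):
        return []  # the genuine domain itself
    norm_cand = normalize_label(cand_sld)
    norm_legit = normalize_label(legit_sld)
    if norm_cand == norm_legit:
        if norm_cand != cand_sld:
            return ["homoglyph substitution"]
        return ["same name, different TLD"]
    dist = levenshtein(norm_cand, norm_legit)
    if 0 < dist <= max_distance:
        return [f"edit distance {dist}"]
    if norm_legit in norm_cand:
        return ["vendor name embedded in longer label"]
    return []


def flag_lookalikes(candidates, legit_domains=LEGIT_DOMAINS, max_distance=2):
    """Map each suspicious candidate to (matched vendor domain, reasons)."""
    hits = {}
    for cand in candidates:
        for legit in legit_domains:
            reasons = lookalike_reasons(cand, legit, max_distance)
            if reasons:
                hits[cand] = (legit, reasons)
                break
    return hits


# Constructed sample of newly registered domains (not indicators from the advisory).
SAMPLE_DOMAINS = [
    "keepass.info",            # genuine, must not be flagged
    "keepas.info",             # one letter dropped
    "k\u0435epass.info",       # Cyrillic 'е' (U+0435) in place of Latin 'e'
    "so1arwinds.com",          # digit 1 for the letter l
    "pdfreaderpro-ua.com",     # vendor name with an extra token
    "example.com",             # unrelated, must not be flagged
]

if __name__ == "__main__":
    for dom, (legit, why) in flag_lookalikes(SAMPLE_DOMAINS).items():
        print(f"{dom!r:28} ~ {legit:18} {', '.join(why)}")
```

Run it over a certificate-transparency or newly-registered-domain feed filtered to your vendors; a hit is a cue to check whether the site mirrors the vendor's HTML and serves a modified installer, as the campaign above did. The TLD split is deliberately naive (no public-suffix list), so co.uk-style suffixes would need a real PSL lookup in production.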

“Our team followed the RomCom Netflows and uncovered both spoofed KeePass and PDF Reader Pro websites in the Ukrainian language,” reads the advisory. “Both of these spoofed websites host their terms of service pages on the same URL and suggest the software vendors are hosted by UK providers.”

According to BlackBerry, these techniques resemble those used by the Cuba ransomware and Industrial Spy groups and may indicate a connection between them and RomCom.

“Industrial Spy is a relatively new ransomware group that emerged in April 2022,” the security team wrote. “However, given the targets’ geography and characteristics, combined with the current geopolitical situation, it’s unclear if the real motivation of the RomCom threat actor is purely cyber-criminal in nature.”

A list of RomCom RAT Indicators of Compromise (IoCs) is available in the original text of the BlackBerry advisory. Its publication comes days after the malware was linked to recent campaigns targeting organizations in Ukraine.


Some parts of this post are sourced from:
www.infosecurity-magazine.com

Copyright © TheCyberSecurity.News, All Rights Reserved.