The RomCom threat actor has been carefully following geopolitical events surrounding the war in Ukraine, targeting militaries, food supply chains, and IT companies. In RomCom's latest campaign, the BlackBerry Threat Research and Intelligence team observed RomCom targeting politicians in Ukraine who are working closely with Western countries, and a U.S.-based healthcare company providing humanitarian aid to the refugees fleeing from Ukraine and receiving medical assistance in the U.S. This report is the first part of our research covering the details of RomCom's latest malicious campaign, while the second part will cover RomCom's behaviors, including detection engineering.

- Politicians from Ukraine, U.S.-based healthcare organizations
- Trojanized applications, x64 DLL payloads
- Cloned websites, C2 servers using self-signed SSL certificates

In mid-March 2023, we noticed an uptick in telemetry related to our tracking of the operator behind the RomCom remote access trojan (RAT). This uptick encompassed the creation of several new domains and associated artifacts, one of which, "startleaguenet", was linked to a file correlating to the SHA256 c94e889a6c9f4c37f34f75bf54e6d1b2cd7ee654cd397df348d46abe0b0f6ca3 and titled RemoteDesktopManager.2022.3.35.0.exe. As its name suggests, Devolutions Remote Desktop Manager (RDM) is a legitimate utility designed to help facilitate secure remote connectivity. It is compatible with many commonly used remote connection utilities and technologies such as Citrix, FTP, Apple Remote Desktop, TeamViewer, LogMeIn, Microsoft Remote Desktop (RDP), SSH Shell, and many more.
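A defender reading this report will want to check endpoints for the trojanized installer named above. The following sweep is an added example written for this page, not code from BlackBerry or from the report; it streams SHA-256 over every executable or DLL under a directory and matches against a watch list seeded with the hash quoted above. The `demo()` helper builds a constructed sample directory so the sweep can be exercised offline; the sample file and its hash are constructed, not real artifacts.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# IoC quoted in the report: the trojanized Devolutions RDM installer.
ROMCOM_IOCS = {
    "c94e889a6c9f4c37f34f75bf54e6d1b2cd7ee654cd397df348d46abe0b0f6ca3":
        "RemoteDesktopManager.2022.3.35.0.exe (trojanized RDM installer)",
}

def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large installers do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def sweep(root, iocs=ROMCOM_IOCS, suffixes=(".exe", ".dll")):
    """Hash every file under root with a watched suffix; return IoC hits.

    Each hit records the path, the digest and the watch-list label, so the
    output can be fed straight into a ticket or a SIEM event.
    """
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            digest = sha256_file(path)
            if digest in iocs:
                hits.append({"path": str(path), "sha256": digest, "label": iocs[digest]})
    return hits

def demo():
    """Constructed scenario: one planted hit, one benign DLL, one ignored text file."""
    sample = b"constructed sample installer bytes, not a real artifact"
    planted = hashlib.sha256(sample).hexdigest()
    watch = dict(ROMCOM_IOCS)
    watch[planted] = "constructed sample"  # hypothetical IoC added for the demo
    with tempfile.TemporaryDirectory() as d:
        Path(d, "downloads").mkdir()
        Path(d, "downloads", "Setup.exe").write_bytes(sample)
        Path(d, "downloads", "helper.dll").write_bytes(b"benign dll bytes")
        Path(d, "notes.txt").write_bytes(sample)  # same bytes, unwatched suffix
        return sweep(d, iocs=watch)

if __name__ == "__main__":
    for hit in demo():
        print(f"{hit['path']}: {hit['label']} ({hit['sha256']})")
```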