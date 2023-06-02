



The hacking group known as Void Rabisu has deployed a new backdoor called RomCom. According to security researchers from Trend Micro, the sophisticated tool highlights the group’s evolving objectives and marks a significant change in tactics.

“Void Rabisu was suspected to have financial motives, even though its Cuba-associated ransomware allegedly attacked Montenegro’s parliament in August 2022, which could be seen as part of a geopolitical agenda,” reads a report published on Tuesday.

“Void Rabisu’s motivations appear to have changed since at least October 2022 […]. During a campaign in December 2022, a fake version of the Ukrainian military’s Delta situational awareness website was used to trick targets into installing the RomCom backdoor.”

Based on these attacks, security experts have speculated that Void Rabisu’s adoption of the RomCom backdoor may indicate a desire to diversify its operations. While the group’s previous operations focused on data exfiltration and intelligence gathering, the use of this new tool suggests an interest in sabotage, disruption, or even financial gain.

“While we cannot confirm coordination between the various attacks, Ukraine and countries supporting Ukraine are being targeted by various actors, such as APT actors, hacktivists, cyber mercenaries and cybercriminals like Void Rabisu,” the notice states.

The RomCom backdoor can bypass traditional defense mechanisms. It infiltrates systems under the guise of innocent rom-com files and then allows unauthorized access, giving hackers a gateway to conduct various activities.

“The line is blurring between cybercrime motivated by financial gain and APT attacks motivated by geopolitics, espionage, disruption and war. Since the rise of Ransomware-as-a-Service (RaaS), cybercriminals are now using advanced tactics and targeted attacks that were previously considered the domain of APT actors,” wrote Trend Micro. “Conversely, tactics and techniques that were previously used by financially motivated actors are increasingly being used in geopolitically targeted attacks.”

