Today > | 5 High | 12 Medium | 7 Low vulnerabilities   -   You can now download lists of IOCs here!

Ukrainian and Polish entities targeted with RomCom malware variants

Oct. 18, 2024, 8:50 a.m.

Description

A Russian-speaking threat group, UAT-5647, has been conducting attacks against Ukrainian government entities and Polish targets since late 2023. The group has evolved its toolset to include four distinct malware families: RustClaw and MeltingClaw downloaders, DustyHammock backdoor, and ShadyHammock backdoor. The attacks involve spear-phishing campaigns delivering these malware components, which ultimately lead to the deployment of an updated version of the RomCom malware called SingleCamper. UAT-5647's activities suggest a focus on establishing long-term access for data exfiltration, with potential for future ransomware deployment. The group's tactics include network reconnaissance, lateral movement, and attempts to compromise edge devices for evasion purposes.

Date

Published: Oct. 17, 2024, 4:16 p.m.

Created: Oct. 17, 2024, 4:16 p.m.

Modified: Oct. 18, 2024, 8:50 a.m.

Attack Patterns

ShadyHammock

DustyHammock

MeltingClaw

RustyClaw

SingleCamper

RomCom

UAT-5647

T1135

T1482

T1572

T1012

T1016

T1082

T1083

T1560

T1003

Additional Informations

Government

Poland

Ukraine