Ukrainian and Polish entities targeted with RomCom malware variants

Oct. 18, 2024, 8:50 a.m.

Description

A Russian-speaking threat group, UAT-5647, has been conducting attacks against Ukrainian government entities and Polish targets since late 2023. The group has evolved its toolset to include four distinct malware families: the RustyClaw and MeltingClaw downloaders and the DustyHammock and ShadyHammock backdoors. The attacks involve spear-phishing campaigns delivering these malware components, which ultimately lead to the deployment of an updated version of the RomCom malware called SingleCamper. UAT-5647's activities suggest a focus on establishing long-term access for data exfiltration, with potential for future ransomware deployment. The group's tactics include network reconnaissance, lateral movement, and attempts to compromise edge devices for evasion purposes.

Date

Published: Oct. 17, 2024, 4:16 p.m.

Created: Oct. 17, 2024, 4:16 p.m.

Modified: Oct. 18, 2024, 8:50 a.m.

Attack Patterns

ShadyHammock

DustyHammock

MeltingClaw

RustyClaw

SingleCamper

RomCom

UAT-5647

T1135

T1482

T1572

T1012

T1016

T1082

T1083

T1560

T1003

Additional Information

Government

Poland

Ukraine