Storm-0978
Storm-0978, also known as RomCom, is a Russian cybercriminal group specializing in ransomware, extortion, and espionage. The group is notably active against defense and government entities in Europe and North America. It uses the RomCom backdoor and Underground ransomware, which evolved from the Industrial Spy ransomware. Its phishing campaigns use lures related to Ukrainian political affairs and exploit vulnerabilities like CVE-2023-36884. Its operations also include distributing malware through trojanized versions of popular software. Storm-0978's activities are distinct in their dual focus on espionage-driven and financially motivated attacks, often targeting high-value organizations in the telecommunications and finance sectors.