RomCom

Storm-0978, also known as RomCom, is a Russian cybercriminal group specializing in ransomware, extortion, and espionage. Notably active in targeting defense and government entities in Europe and North America, they utilize the RomCom backdoor and Underground ransomware, which evolved from the Industrial Spy ransomware. They employ phishing campaigns with lures related to Ukrainian political affairs, exploiting vulnerabilities like CVE-2023-36884. Their operations include using trojanized versions of popular software to distribute malware. Storm-0978's activities are distinct in their dual focus on espionage-driven and financially motivated attacks, often targeting high-value organizations in the telecommunications and finance sectors.