Void Rabisu’s RomCom Backdoor Reveals Shifting Threat Actor Goals
The hacking group known as Void Rabisu has deployed a new backdoor called RomCom. According to security researchers at Trend Micro, the sophisticated tool sheds light on the group’s evolving objectives and marks a significant shift in tactics.
“Void Rabisu was believed to be financially motivated, even though its associated Cuba ransomware allegedly attacked the parliament of Montenegro in August 2022, which could be considered part of a geopolitical agenda,” reads an advisory published on Tuesday.
“The motives of Void Rabisu seem to have changed since at least October 2022 […]. In a campaign in December 2022, a fake version of the Ukrainian army’s Delta situational awareness website was used to lure targets into installing the RomCom backdoor.”
Based on these attacks, the security experts theorized that Void Rabisu’s adoption of the RomCom backdoor might indicate their desire to diversify their activities.
While their previous operations were centered on data exfiltration and intelligence collection, the use of this new tool suggests an interest in sabotage, disruption or even financial gain.
“Even though we cannot confirm coordination between the different attacks, Ukraine and countries who support Ukraine are being targeted by various actors, like APT actors, hacktivists, cyber mercenaries and cybercriminals like Void Rabisu,” reads the advisory.
The RomCom backdoor can reportedly bypass traditional defense mechanisms. It infiltrates systems under the guise of innocent romantic comedy files, then enables unauthorized access, granting the hackers a gateway to conduct various activities.
“The line is blurring between cybercrime driven by financial gain and APT attacks motivated by geopolitics, espionage, disruption, and warfare. Since the rise of Ransomware-as-a-Service (RaaS), cybercriminals are now using advanced tactics and targeted attacks that were previously thought to be the domain of APT actors,” wrote Trend Micro.
“Inversely, tactics and techniques that were previously used by financially motivated actors are increasingly being used in attacks with geopolitical goals.”