Date: 2023-07-11

The Russian-linked threat actor RomCom has been targeting entities supporting Ukraine in a recently identified cyber operation. The targets include guests of the 2023 NATO Summit, which will take place July 11-12. The NATO Summit plans to discuss the war in Ukraine, Ukraine’s NATO accession, and Sweden’s recently announced membership.

RomCom created malicious documents and tested their delivery system on June 22. The documents rely on embedded RTF files and OLE objects to collect system information and deliver the RomCom remote access trojan. Spear-phishing techniques will be used to distribute these documents to supporters of Ukraine. Also known as Void Rabisu and Tropical Scorpius, the hacking group was previously believed to be financially motivated, but recent shifts in its operations and motivation indicate that it is likely working for the Russian government. RomCom has attacked targets in Ukraine, as well as European conferences, defense companies, and municipalities helping Ukrainian refugees.

