Ukrainian and Polish entities targeted with RomCom malware variants

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

A Russian-speaking threat group, UAT-5647, has been conducting attacks against Ukrainian government entities and Polish targets since late 2023. The group has evolved its toolset to include four distinct malware families: RustClaw and MeltingClaw downloaders, DustyHammock backdoor, and ShadyHammock backdoor. The attacks involve spear-phishing campaigns delivering these malware components, which ultimately lead to the deployment of an updated version of the RomCom malware called SingleCamper. UAT-5647's activities suggest a focus on establishing long-term access for data exfiltration, with potential for future ransomware deployment. The group's tactics include network reconnaissance, lateral movement, and attempts to compromise edge devices for evasion purposes.

OPENCTI LABELS:

russia,ukraine,poland,romcom,singlecamper,dustyhammock,shadyhammock,rustclaw,rustyclaw,meltingclaw

