Disruptors of gender equality: Cyber attacks at the heart of the EU

Carding 4 Carders

Women politicians will not support this trend in cyberspace.

According to a report by the Trend Micro information security company, Void Rabisu targeted EU military and political leaders involved in gender equality initiatives. The group used an updated version of the RomCom RAT malware called PEAPOD.

Trend Micro experts attributed the attacks to Void Rabisu (Storm-0978, Tropical Scorpius, UNC2596). The group is believed to be linked to the Cuba ransomware program. The hacker collective stands out because it commits cyber attacks both for financial gain and for espionage, which makes the group's actions unconventional.

In addition, the hackers' activities are closely linked to the use of the RomCom RAT (Remote Access Trojan). Trend Micro previously discovered that Void Rabisu uses a network of phishing sites that offer fake versions of popular programs to inject the RomCom RAT Trojan into target systems.

The group also used RomCom RAT to attack supporters of Ukraine before the NATO summit in Vilnius (July 11-12). Fake documents were used to attract victims, which imitated the call for Ukraine's accession to NATO – one of the key topics of discussion at the summit.

A series of attacks discovered in August 2023 includes an updated and simplified version of RomCom RAT, which is distributed through a fake site, "wplsummit [.] com", imitating the legitimate domain wplsummit [.] org. The site is dedicated to the Women Political Leaders (WPL) Summit, an event for women politicians.

The site has a link to a Microsoft OneDrive folder, which contains an executable file that mimics a folder of photos from the WPL Summit held in Brussels, Belgium, in June. The file drops 56 photos onto the target system to distract the victim. Meanwhile, the file retrieves a DLL file from a remote server.


Uploaded photos

The DLL file connects to another domain to retrieve the third-stage payload, a PEAPOD artifact that supports only 10 commands compared to the 42 commands of the original RomCom RAT.

The updated version is able to execute arbitrary commands, upload and send files, get information about the system, and even delete itself from an infected host. Simplifying the malware reduces its digital footprint and makes detection more difficult.