Hard News Hard Hitting News Source Global Political News

Cuba ransomware affiliate targets Ukrainian govt agencies

The Computer Emergency Response Team of Ukraine (CERT-UA) has issued an alert about potential Cuba Ransomware attacks against critical networks in the country.

Starting on October 21, CERT-UA observed a new wave of phishing emails that impersonated the Press Service of the General Staff of the Armed Forces of Ukraine, urging recipients to click on an embedded link.

Figure: Malicious email distributed in Ukraine (CERT-UA)

The link takes the recipient to a third-party web page to supposedly download a document named “Наказ_309.pdf,” but they are shown a fake alert stating that the visitor needs to update their PDF reader software first.

The website then urges the visitor to click on a “DOWNLOAD” button, which leads to the download of an executable (“AcroRdrDCx642200120169_uk_UA.exe”) resembling an Acrobat Reader installer.

Running this file, however, installs and executes the “rmtpak.dll” DLL, which is the signature malware of the Cuba Ransomware operation, known as “ROMCOM RAT.”
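The lure chain above (decoy document, fake PDF-reader update, look-alike Acrobat installer, dropped DLL) leaves a recognisable trail in web-proxy or download logs. The script below is an added example, not tooling from CERT-UA, BlackBerry or BleepingComputer: it parses constructed proxy log lines, matches the file names quoted in the report, and adds a generic heuristic for an Acrobat-Reader-looking installer served from a host that is not under adobe.com. The log line format, the `.invalid` hosts and the Adobe host allowlist are assumptions made for the example.

```python
"""Flag proxy download events matching the ROMCOM lure chain described above.

Example code added to this page; not CERT-UA's or BlackBerry's tooling.
The log format and the Adobe host allowlist are assumptions.
"""
import re
from urllib.parse import unquote, urlsplit

# File names quoted in the report: lure document, fake installer, dropped DLL.
KNOWN_BAD_NAMES = {
    "Наказ_309.pdf",
    "AcroRdrDCx642200120169_uk_UA.exe",
    "rmtpak.dll",
}

# Heuristic: a file named like an Acrobat Reader DC installer that is not
# served from an Adobe-controlled host. The allowlist is an assumption.
ACROBAT_INSTALLER_RE = re.compile(r"^AcroRdrDC.*\.exe$", re.IGNORECASE)
ADOBE_HOSTS = ("adobe.com",)


def _is_adobe_host(host):
    """True if host is adobe.com or a subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ADOBE_HOSTS)


def parse_line(line):
    """Parse one constructed proxy log line: '<ts> <src_ip> <method> <url>'.

    Returns None for lines that do not fit the format. The file name is
    URL-decoded so Cyrillic lure names such as Наказ_309.pdf match.
    """
    parts = line.split(maxsplit=3)
    if len(parts) != 4:
        return None
    ts, src_ip, method, url = parts
    u = urlsplit(url)
    filename = unquote(u.path.rsplit("/", 1)[-1])
    return {
        "ts": ts,
        "src_ip": src_ip,
        "method": method,
        "host": u.hostname or "",
        "filename": filename,
        "url": url,
    }


def classify(event):
    """Return the names of the rules an event trips (empty list if none)."""
    hits = []
    if event["filename"] in KNOWN_BAD_NAMES:
        hits.append("known-indicator")
    if ACROBAT_INSTALLER_RE.match(event["filename"]) and not _is_adobe_host(event["host"]):
        hits.append("acrobat-installer-from-non-adobe-host")
    return hits


def scan(lines):
    """Scan log lines; return (src_ip, host, filename, hits) for each match."""
    findings = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue  # malformed line, skip rather than crash
        hits = classify(event)
        if hits:
            findings.append((event["src_ip"], event["host"], event["filename"], hits))
    return findings


# Constructed sample log: one genuine Adobe download, the lure document,
# the fake installer from the report, a look-alike variant, and a bad line.
SAMPLE_LOG = [
    "2022-10-21T09:14:02Z 10.0.0.15 GET https://download.adobe.com/pub/adobe/reader/win/AcrobatDC/2200120169/AcroRdrDC2200120169_en_US.exe",
    "2022-10-21T09:15:40Z 10.0.0.15 GET https://files.example.invalid/%D0%9D%D0%B0%D0%BA%D0%B0%D0%B7_309.pdf",
    "2022-10-21T09:16:05Z 10.0.0.15 GET https://files.example.invalid/AcroRdrDCx642200120169_uk_UA.exe",
    "2022-10-21T09:16:30Z 10.0.0.22 GET https://cdn.example.invalid/AcroRdrDC2200120169_de_DE.exe",
    "garbage",
]

if __name__ == "__main__":
    for src_ip, host, filename, hits in scan(SAMPLE_LOG):
        print(f"{src_ip} fetched {filename!r} from {host}: {', '.join(hits)}")
```

The exact-name rule only catches this campaign; the host heuristic is what generalises, because the report's point is that the installer was served from a third-party page rather than from Adobe. A valid code-signing certificate on the downloaded file, as the BlackBerry report notes, does not remove the need for this check.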

Figure: Payload-dropping website (CERT-UA)

ROMCOM was first documented by Palo Alto Networks researchers in August 2022, who named the Cuba Ransomware affiliate using the new malware “Tropical Scorpius.”

This malware allows the threat actors to perform file operations on the host, steal data, spawn spoofed processes, start reverse shells, and more.

“Considering the use of the RomCom backdoor, as well as other features of the related files, we believe it is possible to associate the detected activity with the activity of the group Tropical Scorpius (Unit42) aka UNC2596 (Mandiant), which is responsible for the distribution of Cuba Ransomware,” concludes the CERT-UA announcement.

Another report published yesterday by BlackBerry gives some additional details about the use of ROMCOM against military institutions in Ukraine, explaining that the malicious executable used in the attacks is signed with a valid digital certificate.

Figure: ROMCOM signature (BlackBerry)

BlackBerry also highlights other victims of the malware, located in the Philippines, Brazil, and the United States.

In these cases, the attackers use a different payload-dropping site spoofing the legitimate “Advanced IP Scanner” site. Notably, BlackBerry’s report didn’t link ROMCOM RAT to any threat actors.

Figure: Second malware-dropping website (BlackBerry)

In September 2022, it was revealed that Cuba Ransomware had hit the small Balkan country of Montenegro, demanding a ransom payment of $10,000,000.

While that incident was initially given a geopolitical hue, Cuba Ransomware is not among the groups that have declared an interest in hacktivism, nor has it taken sides in the conflict between Russia and Ukraine.


Source: https://www.bleepingcomputer.com/news/security/cuba-ransomware-affiliate-targets-ukrainian-govt-agencies/

