UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants
Cisco Talos has observed a new wave of attacks active since at least late 2023, from a Russian-speaking group we track as "UAT-5647", against Ukrainian government entities and unknown Polish entities. UAT-5647 is also known as RomCom and is widely attributed to Russian-speaking threat actors in open-source reporting. The latest series of attacks deploys an updated version of the RomCom malware we track as "SingleCamper". This version is loaded directly from the registry into memory and uses the loopback address to communicate with its loader. UAT-5647 has also evolved their tooling to include four distinct malware families: two downloaders Cisco tracks as RustClaw and MeltingClaw