GBHackers News reports.
A newly uncovered cyber campaign dubbed “Operation Deceptive Prospect” reveals that the Russia-linked hacking group RomCom, also known as Storm-0978 and Void Rabisu, has escalated its targeting of UK retail, hospitality, and critical infrastructure sectors. Discovered by Bridewell’s Cyber Threat Intelligence team in March 2025, the operation uses elaborate phishing tactics via public-facing feedback portals to infiltrate organizations with malware disguised as legitimate files. The campaign delivers an advanced backdoor, SnipBot, capable of data exfiltration and remote control, and incorporates zero-day exploits such as CVE-2024-9680 and CVE-2024-49039 for stealthy, zero-click attacks. RomCom employs AI-generated social engineering tactics and stolen certificates to bypass detection, with nearly 100 spoofed cloud domains hosted on bulletproof infrastructure. The infection chain uses multiple redirects and obfuscation to evade defenses, prompting experts to warn organizations to closely monitor feedback systems and enhance endpoint protections. The group's activities suggest a hybrid agenda of espionage and financially motivated cybercrime, with possible ties to Russian state interests.