Russia-linked hacking operation RomCom targeted a U.S. civil engineering firm with the SocGholish malware in September, following the firm's work in a city closely tied to Ukraine, according to Cybersecurity Dive.

The successfully averted intrusion was the first instance of a RomCom payload being distributed through SocGholish, which is operated by initial access broker TA569, an Arctic Wolf report showed.

"SocGholish has grown into a commonly used traffic distribution system typically used for criminal purposes. A single fake browser-update click can give an attacker remote access in minutes," said Arctic Wolf's Jacob Faires.

The findings come amid RomCom's persistent targeting of Western organizations that support Ukraine: ESET researchers found the threat group had launched attacks exploiting a WinRAR zero-day bug to compromise European and Canadian entities, and Arctic Wolf also reported that RomCom compromised a U.S. healthcare company that helped Ukrainian refugees two years ago.