Threat Research

    During October and November 2025, a series of campaigns targeting the energy, defense, pharmaceutical, and cybersecurity sectors displayed traits consistent with earlier operations linked to Void Rabisu (also known as ROMCOM, Tropical Scorpius, or Storm-0978)....
    RomCom vs. TransferLoader highlights two related cybercriminal operations. TA829 conducts espionage and cybercrime using tools based on the legacy RomCom backdoor. A highly similar campaign, using a new loader and backdoor called TransferLoader, is linked to a separate cluster named UNK_GreenSec....
    "UAT-5647" refers to a cyber threat actor targeting entities in Ukraine and Poland using variants of RomCom malware. This malware is designed to facilitate espionage and data theft. The attacks typically involve phishing campaigns and malicious software delivery, aiming to compromise sensitive information from government and private sector organizations....
    We’ve uncovered a new variant of the RomCom malware family named SnipBot, revealing post-infection activity on victim systems for the first time. This strain employs unique obfuscation techniques alongside methods from earlier versions, RomCom 3.0 and PEAPOD (RomCom 4.0)....