"This version is loaded directly from the registry into memory and uses a loopback address to communicate with its loader," security researchers Dmytro Korzhevin and colleagues noted about the RomCom RAT variant.
RomCom has engaged in multi-motivational operations such as ransomware and targeted credential gathering since its emergence in 2022, indicating a strong espionage agenda.
The operational tempo of the group's attacks has increased in recent months, with the goal of establishing long-term persistence on compromised networks and exfiltrating data.
The group is aggressively expanding its tooling and infrastructure to support a variety of malware components authored in diverse languages such as C++, Rust, Go, and Lua.