Nebulous Mantis Targets NATO-Linked Entities with Multi-Stage Malware Attacks
Briefly

Cybersecurity researchers have identified the Russian-speaking cyber espionage group Nebulous Mantis, which has used the RomCom RAT since mid-2022. The malware employs sophisticated evasion techniques and is used against critical infrastructure, governments, and political leaders. Attack vectors typically involve spear-phishing with weaponized documents, supported by bulletproof hosting services. Managed by a threat actor named LARVA-290, the group has been active since at least 2019 and has shown persistence and adaptability in its infrastructure. Its tactics and malware capabilities have evolved, including the use of the InterPlanetary File System (IPFS) for payload delivery.
"RomCom employs advanced evasion techniques, including living-off-the-land (LOTL) tactics and encrypted command and control communications, while continuously evolving its infrastructure."
"Nebulous Mantis is known to target critical infrastructure, government agencies, political leaders, and NATO-related defense organizations with their attack chains involving spear-phishing."
Read at The Hacker News