The Russian threat actor RomCom has been linked to cyber attacks targeting Ukrainian government agencies using a new SingleCamper RAT variant named RomCom 5.0. The campaign aims for long-term network persistence and data exfiltration, which implies an espionage agenda, with a potential pivot to ransomware. The attacks start with spear-phishing messages that deliver C++ or Rust downloaders, which deploy backdoors such as ShadyHammock and DustyHammock. SingleCamper performs activities such as establishing remote tunnels, network reconnaissance, lateral movement, and data exfiltration. The threat actor has been expanding its tooling to accommodate various malware components. The attacks also targeted unknown Polish entities, based on keyboard language checks conducted by the malware.

Russian RomCom cyber attacks target Ukrainian government with new SingleCamper RAT variant