Cuba Ransomware Critical Networks in Ukraine

Source: Blackberry, BleepingComputer and CERT-UA
Food and Beverage
Critical Infrastructure


An alert issued by the Computer Emergency Response Team of Ukraine (CERT-UA) has warned Ukrainian organizations to be wary of attacks from Cuba ransomware against critical networks. Operators of Cuba ransomware were observed on October 21st, 2022, distributing phishing emails impersonating the Press Service of the General Staff of the Armed Forces of Ukraine. The malicious email contains a link to download a remote access trojan, labeled with the signature "ROMCOM RAT." The BlackBerry Research and Intelligence team has tracked the distribution of ROMCOM RAT and observed "Advanced IP Scanner" packages being deployed for reconnaissance alongside the RAT. "Considering the use of the RomCom backdoor, as well as other features of the related files, we believe it is possible to associate the detected activity with the activity of the group Tropical Scorpius (Unit42) aka UNC2596 (Mandiant), which is responsible for the distribution of Cuba Ransomware," as assessed by CERT-UA. The victimology of the recent campaigns appears to target verticals in critical infrastructure, military, food & beverage, and manufacturing.
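As an added example (not from the CERT-UA or BlackBerry reporting), the following hunt flags executions of Advanced IP Scanner, the reconnaissance tool reported alongside ROMCOM RAT, in constructed Sysmon-style process-creation events; the executable names, field layout and "expected" install paths and parent processes are assumptions for illustration, not indicators from the alert.

```python
# Added example: hunt over constructed process-creation events for executions of
# Advanced IP Scanner, raising severity when the binary runs from an unexpected
# location or under an unexpected parent (e.g. dropped by a downloaded file).
from pathlib import PureWindowsPath

# Assumed executable names for the tool (not indicators from the alert).
SCANNER_IMAGES = {"advanced_ip_scanner.exe", "advanced_ip_scanner_console.exe"}
# Install locations where an administrator-deployed copy would normally live.
EXPECTED_DIRS = ("c:\\program files", "c:\\program files (x86)")
# Parents from which a sanctioned, interactive launch would usually come.
EXPECTED_PARENTS = {"explorer.exe", "services.exe"}

def parse_event(line):
    """Turn 'Key=Value|Key=Value' into a dict with lowercase keys."""
    fields = (f.split("=", 1) for f in line.split("|") if "=" in f)
    return {k.strip().lower(): v.strip() for k, v in fields}

def assess(event):
    """Return a finding for an Advanced IP Scanner execution, else None."""
    image = PureWindowsPath(event.get("image", ""))
    if image.name.lower() not in SCANNER_IMAGES:
        return None
    reasons = ["advanced_ip_scanner_execution"]
    if not str(image).lower().startswith(EXPECTED_DIRS):
        reasons.append("unexpected_path")      # user profile, temp dir, etc.
    parent = PureWindowsPath(event.get("parentimage", "")).name.lower()
    if parent not in EXPECTED_PARENTS:
        reasons.append("unexpected_parent")    # spawned by a downloaded file or script
    severity = "high" if len(reasons) > 1 else "medium"
    return {"host": event.get("computer", "?"), "user": event.get("user", "?"),
            "severity": severity, "reasons": reasons}

def hunt(lines):
    """Run assess() over raw event lines and keep only the findings."""
    return [f for f in (assess(parse_event(line)) for line in lines) if f]

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    "EventID=1|Computer=WS01|User=CORP\\jdoe|Image=C:\\Program Files (x86)\\Advanced IP Scanner\\advanced_ip_scanner.exe|ParentImage=C:\\Windows\\explorer.exe",
    "EventID=1|Computer=WS07|User=CORP\\asmith|Image=C:\\Users\\asmith\\AppData\\Local\\Temp\\advanced_ip_scanner.exe|ParentImage=C:\\Users\\asmith\\Downloads\\update.exe",
    "EventID=1|Computer=WS07|User=CORP\\asmith|Image=C:\\Windows\\System32\\notepad.exe|ParentImage=C:\\Windows\\explorer.exe",
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

The first sample event yields a medium-severity finding (sanctioned path and parent), the second a high-severity one with both path and parent flagged, and the third is ignored.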
