RomCom Threat Actor Spoofs Keepass and Solarwinds

The threat actor known as RomCom is actively deploying new campaigns aimed at victims in Ukraine and English-speaking regions. The BlackBerry Threat Research and Intelligence Team discovered new campaigns that spoof popular brand-name software packages. The United Kingdom is possibly a new target, while Ukraine is still the main focus.

BlackBerry found RomCom impersonating the following products in its campaigns: SolarWinds Network Performance Monitor, the KeePass open-source password manager, and PDF Reader Pro.

In preparation for an attack, the RomCom threat actor follows this simplified scheme: scrape the original, legitimate HTML code of the vendor site to be spoofed; register a malicious domain that resembles the legitimate one; Trojanize a legitimate application; upload the malicious bundle to the decoy website; and send targeted phishing emails to the victims or, in some instances, use additional infection vectors.
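Because the scheme hinges on a lookalike domain hosting a Trojanized installer, one defensive control is to triage newly observed domains (from proxy logs, certificate-transparency feeds or newly-registered-domain lists) against the brands being impersonated. The script below is an added example written for this page, not code from BlackBerry or from the report it summarises. The reference domains for the three brands, the homoglyph table and the sample input are all assumptions constructed for illustration; the real brand domains should be taken from an organisation's own allow-list.

```python
"""Flag domains that resemble the brands RomCom was reported to spoof.

Added example for this page; not part of the original report. The
reference domains below are assumed, and the sample domains at the bottom
are constructed for illustration.
"""
from typing import Dict, List, Optional

# Assumed legitimate domains for the spoofed brands (not taken from the page).
REFERENCE_DOMAINS = ["solarwinds.com", "keepass.info", "pdfreaderpro.com"]

# Digits attackers commonly substitute for letters, mapped back to the letter
# they mimic. Deliberately small; extend from your own observations.
_DIGIT_TO_LETTER = str.maketrans("01357", "olest")


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registrable_label(domain: str) -> str:
    """Crude second-level label extraction: 'www.keepass.info' -> 'keepass'.

    Good enough for the two-label reference domains assumed here; a real
    deployment should use the Public Suffix List.
    """
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def normalize(label: str) -> str:
    """Undo common visual substitutions before comparing labels."""
    label = label.replace("rn", "m").replace("vv", "w")
    return label.translate(_DIGIT_TO_LETTER)


def assess_domain(domain: str, references: List[str] = REFERENCE_DOMAINS) -> Dict[str, Optional[str]]:
    """Classify one domain as legitimate, lookalike or unrelated.

    Returns a dict with 'verdict', the reference it matched ('matches') and
    a short 'reason' that can be surfaced to an analyst.
    """
    domain = domain.lower().strip(".")
    label = registrable_label(domain)
    norm = normalize(label)
    for ref in references:
        ref = ref.lower()
        ref_label = registrable_label(ref)
        # The brand's own domain, or a subdomain of it, is legitimate.
        if domain == ref or domain.endswith("." + ref):
            return {"domain": domain, "verdict": "legitimate", "matches": ref, "reason": "exact"}
        # Brand name embedded in the label, e.g. 'brand-update', 'download-brand'.
        if len(ref_label) >= 5 and ref_label in norm.replace("-", ""):
            return {"domain": domain, "verdict": "lookalike", "matches": ref, "reason": "brand-in-label"}
        # Near-miss spelling of the brand (one or two character edits).
        if len(ref_label) >= 5 and levenshtein(norm, ref_label) <= 2:
            return {"domain": domain, "verdict": "lookalike", "matches": ref, "reason": "edit-distance"}
    return {"domain": domain, "verdict": "unrelated", "matches": None, "reason": None}


def triage(domains: List[str]) -> List[Dict[str, Optional[str]]]:
    """Return only the domains worth an analyst's attention."""
    return [r for r in (assess_domain(d) for d in domains) if r["verdict"] == "lookalike"]


# Constructed sample input: two benign names, two lookalikes, one unrelated.
SAMPLE_DOMAINS = [
    "solarwinds.com",
    "www.keepass.info",
    "keepas.example",
    "s0larwinds-update.example",
    "weather.example",
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_DOMAINS):
        print(f"{hit['domain']:30} -> resembles {hit['matches']} ({hit['reason']})")
```

The two detection rules are deliberately simple and cheap enough to run over a daily newly-registered-domain feed; a hit is a trigger for review, not a verdict, since legitimate resellers and mirrors also embed brand names. Pair it with a block on executable downloads from domains younger than a few weeks, which addresses the Trojanized-installer half of the scheme.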
