Cuba ransomware believed to be Russian state-backed operation

BlackBerry researchers believe Russian government hackers are behind the Cuba ransomware operation, which has been associated with the RomCom RAT malware used in attacks against Ukraine, TechCrunch reports. The attackers' targets and the timing of their malicious operations played a big part in BlackBerry's conclusions, with researchers observing that the appearance of different digital signatures mimicking various websites coincided with major events surrounding the ongoing Russia-Ukraine war. "So each time a major event happened, like something big in geopolitics, and especially on the military field, RomCom RAT was just there, just right there," said BlackBerry Cyberthreat Intelligence Team Senior Director Dmitry Bestuzhev.

However, other cybersecurity experts are skeptical that Cuba ransomware and RomCom RAT are Russian state-backed operations, including Palo Alto Networks' Unit 42 senior researcher Doel Santos, who noted that RomCom RAT operators run more sophisticated operations than other ransomware gangs. "Unit 42 has seen the activity targeting Ukraine. There is an espionage angle with this and because of that, they could be getting direction from a nation-state. However, we don't know the extent of that relationship. It goes outside the normal activities of a ransomware group," said Santos.
