BlackBerry researchers say Russian government hackers are behind the Cuba ransomware operation, which has been associated with the RomCom RAT malware used in attacks against Ukraine, TechCrunch reports.
The attackers' targets and the timing of their malicious operations played a big part in BlackBerry's conclusions, with researchers observing that different digital signatures mimicking various websites coincided with major events surrounding the ongoing Russia-Ukraine war.
"So each time a major event happened, like something big in geopolitics, and especially on the military field, RomCom RAT was just there, just right there," said BlackBerry Cyberthreat Intelligence Team Senior Director Dmitry Bestuzhev.
However, other cybersecurity experts, including Palo Alto Networks' Unit 42 senior researcher Doel Santos, are skeptical that Cuba ransomware and RomCom RAT are Russian state-backed operations. Santos noted that RomCom RAT operators run more sophisticated operations than other ransomware gangs.
"Unit 42 has seen the activity targeting Ukraine. There is an espionage angle with this and because of that, they could be getting direction from a nation-state. However, we don't know the extent of that relationship. It goes outside the normal activities of a ransomware group," said Santos.
Ukraine has been targeted by Russian threat actors in the new Operation Texonto disinformation campaign that also involved spear-phishing and credential exfiltration tactics, according to The Hacker News.
Record high ransomware and data extortion incidents experienced by Western nations last year have prompted former National Security Agency Director Michael Rogers to call for a reevaluation of their cybersecurity defense strategy.