Email security, Threat Management, Vulnerability Management

New RomCom spear-phishing attacks set sights on Ukraine’s NATO membership

BleepingComputer reports that the RomCom threat operation has targeted organizations supporting Ukraine in its ongoing war with Russia, along with other guests at this week's NATO Summit, which will tackle Ukraine's membership in the organization. The attackers, who may be part of a rebranded RomCom group or were previously core RomCom members, have used spear-phishing to promote a fraudulent website of the Ukrainian World Congress, according to a report from BlackBerry's Research & Intelligence Team. The site prompts the download of documents that create an outbound connection, as well as a script exploiting the Follina vulnerability, tracked as CVE-2023-30190. Exploitation of the flaw could enable remote code execution that eventually leads to deployment of the RomCom backdoor. The backdoor can send compromised computers' usernames, RAM details, and network adapter information back to the attackers' command-and-control server before establishing persistence and later allowing data exfiltration, additional payload delivery, and more, said researchers.
