‘RomCom’ Cyber Campaign Targets Women Political Leaders

Attendees of August’s Women Political Leaders Summit 2023 conference found themselves targeted by a spoofed event website loaded with a new cyber espionage malware variant called ROMCOM 4.0.

Leaders from all over the world attended the conference to explore the role of women in politics as well as prospects for peace in Ukraine. Specifically, the cyber espionage campaign targeted those helping to further gender equality in the European Union, according to a report from Trend Micro.

Just a year ago, Void Rabisu threat group was a a run-of-the-mill ransomware outfit, but the invasion of Ukraine offered an opportunity for the cybercriminals to get in on more nation-state, advanced persistent threat (APT) action, the Trend Micro report explained.

The group’s primary malware strain has been updated to a new version, ROMCOM 4.0, and is used primarily to target politicians, the military, and government employees, Trend Micro observed.

“While we have no evidence that Void Rabisu is nation-state-sponsored, it’s possible that it is one of the financially motivated threat actors from the criminal underground that got pulled into cyberespionage activities due to the extraordinary geopolitical circumstances caused by the war in Ukraine,” the report added.