'RomCom' Cyber Campaign Targets Women Political Leaders

A threat group known as "Void Rabisu" used a spoofed Women Political Leaders Summit website to target attendees to the actual conference with espionage malware.

Dark Reading Staff, Dark Reading

October 16, 2023

1 Min Read
Website for Women Political Leaders Event
Source: Trend Micro

Attendees of August's Women Political Leaders Summit 2023 conference found themselves targeted by a spoofed event website loaded with a new cyber espionage malware variant called ROMCOM 4.0.

Leaders from all over the world attended the conference to explore the role of women in politics as well as prospects for peace in Ukraine. Specifically, the cyber espionage campaign targeted those helping to further gender equality in the European Union, according to a report from Trend Micro.

Just a year ago, Void Rabisu threat group was a a run-of-the-mill ransomware outfit, but the invasion of Ukraine offered an opportunity for the cybercriminals to get in on more nation-state, advanced persistent threat (APT) action, the Trend Micro report explained.

The group's primary malware strain has been updated to a new version, ROMCOM 4.0, and is used primarily to target politicians, the military, and government employees, Trend Micro observed.

"While we have no evidence that Void Rabisu is nation-state-sponsored, it's possible that it is one of the financially motivated threat actors from the criminal underground that got pulled into cyberespionage activities due to the extraordinary geopolitical circumstances caused by the war in Ukraine," the report added.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights