RomCom APT
ID: 4dd0f324-1598-5808-b3ba-3b2ff9ed5d8b
STIX ID: report--4dd0f324-1598-5808-b3ba-3b2ff9ed5d8b
Feed Name: Brandefense Blog
RomCom (also tracked as Void Rabisu, Storm-0978 and UAT-5647) is an advanced persistent threat actor active since 2022 that targets NATO-affiliated states and supporters of Ukraine. Its initial-access tradecraft includes spearphishing, trojanized installers, cloned conference websites and, notably in 2024–2025, zero-day exploits. The group combines espionage objectives with opportunistic, financially motivated operations (ransomware-style extortion); it uses custom RATs alongside commodity tools for credential harvesting and data exfiltration, and it rotates its infrastructure and leverages cloud hosting to evade detection. RomCom represents a high strategic risk, and the recommended response is prioritized patching, threat hunting, infrastructure monitoring and user awareness training.
