ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

APT group: Tropical Scorpius, RomCom

Names:
  Tropical Scorpius (Palo Alto)
  RomCom (Palo Alto)
  Void Rabisu (Trend Micro)
  DEV-0978 (Microsoft)
  Storm-0978 (Microsoft)

Country: Russia

Motivation: Information theft and espionage, Financial gain

First seen: 2019

Description: (Palo Alto) The most recent Unit 42 Ransomware Threat Report includes observations of Cuba Ransomware impacting 33 organizations. As of July 2022, Tropical Scorpius has used Cuba Ransomware to impact 27 additional organizations across multiple vectors, such as Professional and Legal Services, State and Local Government, Manufacturing, Transportation and Logistics, Wholesale and Retail, Real Estate, Financial Services, Health Care, High Technology, Utilities and Energy, Construction, and Education. A total of 60 organizations were exposed by this ransomware gang on its leak site since the group first surfaced in 2019.

Observed: Sectors: Construction, Education, Energy, Financial, Government, Healthcare, High-Tech, Manufacturing, Shipping and Logistics, Transportation.

Tools used: Cuba, Industrial Spy, ROMCOM RAT, Underground.

Operations performed:
  Jul 2022: Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries
  Nov 2022: RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom
  Feb 2023: Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals
  Jun 2023: Storm-0978 attacks reveal financial and espionage motives
  Jun 2023: Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant
  Jul 2023: RomCom Threat Actor Suspected of Targeting Ukraine's NATO Membership Talks at the NATO Summit

Last change to this card: 29 November 2023
