APT / THREAT GROUP🕵️ ESPIONAGEADVANCED

RomCom

🇷🇺Russia-attributed
1
campaigns
3
aliases
Last seen:Mar 17, 2026

Intelligence Profile

ROMCOM is an evolving and sophisticated threat actor group that has been using the malware tool ROMCOM for espionage and financially motivated attacks. They have targeted organizations in Ukraine and NATO countries, including military personnel, government agencies, and political leaders. The ROMCOM backdoor is capable of stealing sensitive information and deploying other malware, showcasing the group's adaptability and growing sophistication.

Threat Analysis

RomCom is a advanced-sophistication threat actor attributed to Russia, engaged in cyber operations with a primary motivation of espionage.

The group's espionage-oriented operations suggest a state-sponsored or state-aligned mandate, typically focused on stealing intellectual property, government secrets, or military intelligence. Targets are usually selected for strategic value rather than financial gain.

Classified as an advanced threat actor, RomCom likely develops or acquires zero-day exploits, employs custom malware toolchains, and demonstrates long-term persistence capabilities — hallmarks of a well-resourced operation consistent with nation-state backing.

Known Campaigns

RomCom — Active Operations March 2026

RomCom is a espionage threat actor attributed to Russia. ROMCOM is an evolving and sophisticated threat actor group that has been using the malware tool ROMCOM for espionage and financially motivated attacks. They have targeted organizations in Ukraine and NATO countries, including military personnel, government agencies, and political...

ACTIVEHIGH2026

External References

Quick Facts

TypeAPT / Threat Group
Motivation🕵️ espionage
Sophisticationadvanced
Origin🇷🇺 Russia
Aliases3
SourceMalpedia

Also Known As

Storm-0978UAT-5647RomCom

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
RomCom — APT / Threat Group | Threat Intelligence | CTIWATCH.COM