Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Nebulous Mantis targets NATO-linked entities with multi-stage malware attacks

NATO hadquarters in Brussels, Belgium (NATO)

By Ravie Lakshmanan

Cybersecurity researchers have shed light on a Russian-speaking cyber espionage group called Nebulous Mantis that has deployed a remote access trojan called RomCom RAT since mid-2022.

RomCom “employs advanced evasion techniques, including living-off-the-land (LOTL) tactics and encrypted command and control (C2) communications, while continuously evolving its infrastructure – leveraging bulletproof hosting to maintain persistence and evade detection,” Swiss cybersecurity company PRODAFT said in a report shared with The Hacker News.

Nebulous Mantis, also tracked by the cybersecurity community under the names CIGARCubaStorm-0978, Tropical Scorpius, UAC-0180, UNC2596, and Void Rabisu, is known to target critical infrastructure, government agencies, political leaders, and NATO-related defense organizations.

Read more at The Hacker News

Click to listen highlighted text!