Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant

Void Rabisu, an intrusion set associated with ransomware attacks and campaigns against Ukraine and its supporters, has primarily targeted government and military entities, using tactics common among cybercriminals and nation-state-sponsored actors. The primary tool used by the group is the ROMCOM backdoor. Interestingly, Void Rabisu exploited a zero-day vulnerability, CVE-2023-36884, in two separate campaigns, one of which specifically targeted attendees of the 2023 Women Political Leaders Summit (WPL) in Brussels.