Compromise · severity: High · 2025-08-11

RomCom exploits WinRAR zero-day in spear-phishing against EU + Canada

published by ESET Research
Actor
RomCom · RU · Russia · APT

Russia-aligned intrusion set conducting hybrid espionage and financially-motivated operations — ESET, Microsoft, and Unit 42 track it as a single actor straddling state-objective targeting (Ukrainian…

Summary

ESET disclosed that RomCom had exploited a previously unknown WinRAR vulnerability (CVE-2025-8088) in spear-phishing campaigns on 18-21 July 2025 targeting financial, manufacturing, defense, and logistics organizations across Europe and Canada. The lures were malicious WinRAR archives delivering a cyber-espionage payload; WinRAR patched the bug in version 7.13 on 30 July 2025.

Tags

zero-day · winrar · russia · espionage

Primary source

eset.com