Void Rabisu is an intrusion set associated with financially motivated ransomware attacks and targeted campaigns on Ukraine and its supporters. They’ve targeted various entities, including the Ukrainian government, military, energy sectors, EU politicians, and security conference participants. Void Rabisu uses the ROMCOM backdoor and combines tactics from both cybercriminals and nation-state-sponsored actors, exploiting vulnerabilities like CVE-2023-36884.

Click here for the full alert.