We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

RomCom Trojan Targets Women Political Leaders Summit

By Keira Waddell, Former Senior Writer. Published on 20th October 2023.

A cyberattack campaign has targeted prominent figures involved in the Women Political Leaders (WPL) Summit in Brussels, along with European Union military personnel. The attack, identified by Trend Micro, uses an updated version of the RomCom Remote Access Trojan (RAT) known as PEAPOD. The campaign, attributed to the Void Rabisu group, has raised concerns about the cybersecurity of high-profile events.

The attack involved the creation of deceptive websites mimicking legitimate ones associated with the WPL Summit. By using a typosquatted version of the WPL Summit website — wplsummit[.]com instead of the real wplsummit.org — malicious actors hosted a Microsoft OneDrive folder containing an executable file named "Unpublished Pictures 1-20230802T122531-002-sfx.exe." This file, presented as a photo gallery containing authentic images from the June 2023 WPL Summit, delivers the PEAPOD malware.
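The TLD swap described above (wplsummit[.]com for wplsummit.org) is something a defender can check for in proxy or DNS logs. The following is an added example, not code from Trend Micro or the article: it classifies requested hostnames against a list of trusted domains and flags same-name/different-TLD and near-spelling matches. The log format, the sample lines and the `wplsumit.example` lookalike are constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED = {"wplsummit.org"}  # legitimate domain named in the article

def edit_distance(a, b):
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def name_and_tld(host):
    """Naive split (last label = TLD); co.uk-style suffixes need a public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return (labels[-2], labels[-1]) if len(labels) >= 2 else (labels[0], "")

def classify(host, trusted=TRUSTED):
    name, tld = name_and_tld(host)
    verdict = "unrelated"
    for good in trusted:
        good_name, good_tld = name_and_tld(good)
        if (name, tld) == (good_name, good_tld):
            return "trusted"          # same registrable name and TLD
        if name == good_name:
            verdict = "tld-swap"      # e.g. .com registered beside the real .org
        elif verdict == "unrelated" and edit_distance(name, good_name) <= 2:
            verdict = "near-match"    # one or two character edits away
    return verdict

def scan(log_lines):
    """Return (host, verdict) for every request to a lookalike domain."""
    hits = []
    for line in log_lines:
        # The URL is the last field; "[.]" defanging is undone before parsing.
        host = urlsplit(line.split()[-1].replace("[.]", ".")).hostname or ""
        verdict = classify(host)
        if verdict in ("tld-swap", "near-match"):
            hits.append((host, verdict))
    return hits

# Constructed proxy log lines (timestamp, client, URL); not real telemetry.
SAMPLE = [
    "2023-08-02T12:30:01Z 10.0.0.5 https://www.wplsummit.org/agenda",
    "2023-08-02T12:31:10Z 10.0.0.7 https://wplsummit[.]com/photos",
    "2023-08-02T12:33:42Z 10.0.0.9 https://wplsumit.example/gallery",
    "2023-08-02T12:35:00Z 10.0.0.5 https://intranet.example/home",
]
```

Calling `scan(SAMPLE)` reports the second and third lines; the trusted list would normally hold every domain the organisation and its event partners actually use.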

Once the trojan has infected the victim’s device, the threat actors can remotely issue it 10 different commands. These include executing arbitrary code, retrieving system information, and even self-destructing in case of compromise, all aimed at keeping the malware inconspicuous on compromised systems.

This malware's distribution strategy typically relies on targeted spear-phishing emails and misleading ads on popular search engines like Google and Bing. These tactics direct users to fake websites hosting modified versions of legitimate applications, making it difficult for individuals to discern malicious activities from genuine ones.

Void Rabisu is known for cyber activities encompassing both financially motivated attacks and espionage campaigns, and is notably linked to the RomCom RAT. The group's previous campaigns have targeted countries supporting Ukraine in the conflict with Russia using various strategies, including exploiting vulnerabilities such as CVE-2023-36884 in Office and Windows HTML.

While the exact motivations behind Void Rabisu's actions remain unclear, Trend Micro speculates that the ongoing conflict in Ukraine may have contributed to the group's transition from financially motivated activities to more sophisticated cyberespionage pursuits. Despite the absence of concrete evidence linking Void Rabisu to nation-state sponsorship, the geopolitical landscape plays a critical role in recent cyber threats.

So far, Void Rabisu has targeted three conferences in 2023, including the Munich Security Conference, the Masters of Digital Conference, and the WPL Summit. Attendees of such events must remain vigilant.

About the Author

Keira was a senior writer at vpnMentor. She is an experienced cybersecurity and tech writer dedicated to providing comprehensive insights on VPNs, online privacy, and internet censorship.
