Leading women politicians have become the latest targets of the now-notorious Void Rabisu threat actor following a cyber-campaign aimed at the Women Political Leaders (WPL) Summit in Brussels in June. A new report from Japan-based cybersecurity company Trend Micro shines a light on Void Rabisu’s extensive recent cyber-espionage activities.
According to Trend Micro: “Void Rabisu is one of the clearest examples where we see a mix of the typical tactics, techniques, and procedures (TTPs) used by cybercriminal threat actors and TTPs used by nation-state-sponsored threat actors motivated primarily by espionage goals… Void Rabisu also acts like an advanced persistent threat (APT) actor when it targets governments and the military.”
In June of this year, Void Rabisu launched an attack on some of the world’s women political leaders, reports Trend Micro. On August 8th, the threat actor initiated the strike on the Brussels conference and those attending by setting up a website called wplsummit[.]com, duping delegates into believing they were logging onto the legitimate wplsummit.org domain.
Once the trap had been sprung, all Void Rabisu had to do was wait for the delegates, who include some of the world’s political leaders, to click themselves straight into it. The next step was the delivery of a malicious payload to the duped delegates in the form of a highly advanced version of ROMCOM, which Trend Micro has named “ROMCOM 4.0”. ROMCOM is malware designed to open an unseen backdoor into the target organization’s systems.
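One way a defender could hunt for the lookalike domain described above in proxy or DNS logs, as an added example that is not taken from Trend Micro's report: it flags hostnames that reuse a trusted domain's name under a different TLD and, going beyond the case in the article, names within two character edits of it. The log format, sample lines, function names and the two-label domain split are assumptions made for illustration.

```python
TRUSTED = {"wplsummit.org"}  # legitimate domain named in the article

# Constructed sample log: "timestamp client-ip hostname" (not real telemetry).
# The lookalike is kept defanged as on the page; registrable() refangs it.
SAMPLE_LOG = """\
2023-01-01T09:14:02Z 10.0.4.17 www.wplsummit.org
2023-01-01T09:15:40Z 10.0.4.23 wplsummit[.]com
2023-01-01T09:16:11Z 10.0.4.31 cdn.wp1summit.org
2023-01-01T09:17:55Z 10.0.4.17 example.net
"""

def registrable(host):
    """Last two labels of a hostname. Assumption: single-label TLDs only;
    production code should consult the Public Suffix List instead."""
    host = host.replace("[.]", ".").strip().lower().rstrip(".")
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host, trusted=TRUSTED, max_dist=2):
    """Return why host resembles a trusted domain, or None if it does not."""
    dom = registrable(host)
    if dom in trusted or "." not in dom:
        return None
    label, tld = dom.rsplit(".", 1)
    for good in trusted:
        g_label, g_tld = good.rsplit(".", 1)
        if label == g_label and tld != g_tld:
            return f"tld-swap of {good}"
        if 0 < edit_distance(label, g_label) <= max_dist:
            return f"near-match of {good}"
    return None

def scan(log):
    """Return (client, domain, reason) for each flagged log line."""
    hits = []
    for parts in (line.split() for line in log.splitlines()):
        reason = classify(parts[2]) if len(parts) == 3 else None
        if reason:
            hits.append((parts[1], registrable(parts[2]), reason))
    return hits
```

Calling `scan(SAMPLE_LOG)` returns the two lookalike requests with the client that made each one; short trusted labels will need a lower `max_dist` to keep false positives down.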
Attended by people from all over the world, the WPL summit aims to improve gender equality in politics. Among the topics included in the 2023 Brussels conference were peace and security, war and oppression, disinformation, the war in Ukraine, the role of women in politics, and gender equality. The motivation for the attack was therefore political rather than financial.
The aim was to gain a foothold in political organizations
“Since many current and future political leaders attended this conference, it presented an interesting target for espionage campaigns and served as a possible avenue for threat actors to gain an initial foothold in political organizations. It is therefore not surprising that Void Rabisu set up a campaign targeting WPL Summit 2023 attendees,” says Trend Micro.
Trend Micro added that its research had yielded concrete evidence that this particular campaign was aimed at targets working on gender equality in EU politics. The identity of the threat actor and his no-doubt-misogynistic motivation for targeting gender equality are, as yet, unknown. Among the threat actor’s previous targets were the Ukrainian government and military, their energy and water utility sectors, EU politicians, spokespersons of a certain EU government, and security conference participants.
As hostilities escalate in various regions across the globe, most recently in the Middle East, so will the level of international cyber espionage. In any conflict, knowledge is power, and hostile nation-states such as China, Russia, Iran, and North Korea have been installing backdoors in Western organizations’ systems for years in order to siphon off confidential and top-secret information in preparation for potential on-the-ground conflicts.
Many of these backdoors also have a more sinister capability – they can be used to disable critical infrastructure such as energy, water supplies, and crucial services at a time of war. Although the identities of politically motivated cyber criminals such as Void Rabisu often remain hidden, their aims and motivations clearly point to those countries that are increasingly coming into conflict with the Western powers and their NATO allies.