A U.S.-based civil engineering firm has been targeted by Russia-aligned hackers with a history of malicious activity linked to the war in Ukraine, according to a blog post released Tuesday by Arctic Wolf.
A Russia-aligned threat group, known as RomCom, used SocGholish malware to target the company in a September attack, according to the blog. Unit 29155 of the GRU, Russia's military intelligence agency, has used SocGholish to target various entities in connection with the war since 2022.
SocGholish is operated by a group known as TA569, which typically acts as an initial access broker, selling the footholds it gains to other threat groups.
“SocGholish has grown into a commonly used traffic distribution system typically used for criminal purposes,” said Jacob Faires, senior staff threat researcher at Arctic Wolf. “A single fake browser-update click can give an attacker remote access in minutes.”
Researchers did not identify the targeted company by name, describing it only as a firm that has previously done work for a city with close ties to Ukraine. RomCom has a history of attacks against organizations and individuals that have provided support to Ukraine.
Researchers said the attack is the first time they have detected SocGholish delivering a RomCom payload. The attack was ultimately blocked, according to researchers.
RomCom has been actively involved in prior attacks against Western organizations. In August, researchers at ESET uncovered RomCom exploiting a zero-day vulnerability in WinRAR. That campaign targeted organizations in Europe and Canada.
In 2023, RomCom targeted a U.S. healthcare firm that was providing medical assistance to Ukrainian refugees, according to a blog post from Arctic Wolf.
Tensions between the U.S. and Russia have increased in recent months, as the Trump administration has attempted to reach a negotiated end to the Ukraine war.
Russia-aligned groups have used various asymmetric methods to target Western support for the Ukrainian war effort. U.S. authorities and allied nations warned in May about the Russia-linked threat actor Fancy Bear targeting logistics and other organizations providing assistance to Ukraine.
Editor’s note: Updated with comment from Arctic Wolf.