Threat Intelligence Content Updates

Threat Intel Content Update: 8/14/2025

Written by Tidal Cyber | Aug 14, 2025 2:33:29 PM

RomCom Zero-Day Exploits, Akira Ransomware, Beast Ransomware

Threat Profiles & Threat Objects

  • “Trending & Emerging Threats” weekly update: “RomCom” Zero-Day Exploit
    • ESET researchers recently observed the RomCom (aka Void Rabisu) group exploiting a likely zero-day vulnerability in the WinRAR file archiving utility (CVE-2025-8088) to gain initial access to victims ahead of suspected post-compromise espionage activity.

    • The group, which is believed to be "aligned" with Russia, is notable for using multiple zero-day exploits in recent years and for its evolution from a financially motivated actor into one now focused on espionage goals. It has targeted entities in more than a dozen sectors across Europe and North America, underscoring its potential relevance to a broad range of organizations.
  • Updated our recently added Akira ransomware exploit Campaign to include the group’s newly reported use of bring-your-own-vulnerable-driver (T1068) behavior
    • Also released a new “Akira Ransomware Ecosystem” Threat Profile, available by default in Enterprise Edition

  • The latest update to our Major & Emerging Ransomware & Extortion Threats Threat Profile features newly added objects related to Beast Ransomware, a newcomer to the monthly list of “top” extortion operations. Beast’s victims belong to a range of sectors and locations, and the group’s malware is reportedly capable of targeting Windows, Linux, NAS, and virtualization (ESXi) systems.