How RomCom became a multipurpose cyberweapon

Once ordinary malware, RomCom now fuels espionage, ransomware, and hybrid nation-state operations

TechRadar

Opinion By Paul Reid published 19 December 2025


When most people think of cyberweapons, they imagine tools built in secret government labs. But some of today’s most potent digital weapons didn’t start as state projects. They were born in the criminal underground.

One of the clearest examples is RomCom, a piece of malware that began life as a relatively ordinary remote access trojan (RAT) and has since evolved into a flexible, modular ecosystem now wielded by both nation-states and profit-driven attackers.

Paul Reid, VP of Adversary Research, AttackIQ.

Its story reveals how the lines between espionage and organized crime are blurring, and why information sharing across the cybersecurity community has never been more critical.

From backdoor to battlefield

RomCom first appeared in 2022 as a backdoor distributed through fake versions of popular applications—classic social engineering bait. Like many RATs, it could take screenshots, collect basic system information, and establish remote control. Nothing remarkable, until researchers began noticing where it was showing up.

Early campaigns focused on Ukraine and NATO-aligned nations, targeting government agencies, humanitarian groups, and defense-linked organizations. What initially seemed like a commodity RAT was now part of a broader intelligence operation with clear geopolitical undertones.

AttackIQ dug deeper and found overlaps between RomCom’s infrastructure and ransomware operations, suggesting a single actor, or at least a shared toolkit, working across both espionage and financially motivated fronts.

That pivot from profit to politics marked the start of RomCom’s transformation.
