RomCom
0 incidents
0 countries
0 sectors
apt RU Latest: -
Aliases: Storm-0978, UAT-5647
RomCom, also known by aliases such as Storm-0978, UAT-5647, and Void Rabisu, is an advanced persistent threat group that emerged around 2022. Assessed with high confidence to be of Russian origin, the group's primary motivation is a dual track of cyber espionage aligned with Russian geopolitical interests and financially motivated attacks. Initially observed using trojanized installers against Ukrainian government and military officials, RomCom has demonstrated a continuous evolution in its operational model, integrating ransomware and double extortion tactics. A distinguishing characteristic of RomCom is its rapid adoption and exploitation of zero-day vulnerabilities and its ability to constantly refine its custom malware, evolving through multiple distinct versions like SnipBot (RomCom 5.0), making it a highly adaptable and unpredictable threat.