The Reveal Platform
Intel Name: Shadow-void-042 targets multiple industries with void rabisu-like tactics
Date of Scan: December 12, 2025
Impact: High
Summary: During October and November 2025, a series of campaigns targeting the energy, defense, pharmaceutical, and cybersecurity sectors displayed traits consistent with earlier operations linked to Void Rabisu (also known as ROMCOM, Tropical Scorpius, or Storm-0978). Void Rabisu is associated with a threat actor group driven by both financial and intelligence-gathering objectives aligned with Russian interests. We are currently tracking these activities under a provisional intrusion set, SHADOW-VOID-042, until additional evidence enables a high-confidence attribution.
