Russian-aligned threat actor RomCom, assessed to be GRU Unit 29155, utilized the SocGholish malware delivery framework to target a U.S. company supporting Ukraine. The attack chain leveraged fake browser updates to establish initial access, followed by the rapid deployment of a custom Python backdoor (VIPERTUNNEL) and a targeted Mythic Agent loader.