Pulse: Russian RomCom Utilizing SocGholish to Deliver Mythic Agent to U.S. Companies Supporting Ukraine
TLP: WHITE | Adversary: RomCom | Author: PetrP.73 | Created: 2025-11-26 | Modified: 2025-12-26
Indicators: 17 (medium volume)
A U.S.-based company has been identified as a target of the Russia-aligned threat group RomCom, with initial access delivered through the SocGholish malware framework. This is the first recorded case of a RomCom payload being distributed via SocGholish, a framework normally operated by TA569, a financially motivated actor. In September 2025, roughly 10 minutes after the initial compromise through the familiar SocGholish chain, a RomCom payload identified as a Mythic Agent loader was delivered to the infected host. SocGholish is an established delivery mechanism: its operators inject malicious JavaScript into compromised legitimate websites, which presents visitors with a fake browser or software update lure; a user who runs the "update" installs a loader that fetches further payloads, giving the operators long-term access to the affected network. The ten-minute gap between the commodity SocGholish infection and the RomCom payload is the detail for defenders to note: the window to contain a fake-update infection before a second actor's tooling arrives can be very short.
MITRE ATT&CK & Malware Families
ATT&CK techniques: (none listed)
Malware families: Dridex, SocGholish, FAKEUPDATE, VIPERTUNNEL, RomCom
Indicators of Compromise (17)

TYPE | INDICATOR | DESCRIPTION | CREATED
CVE | CVE-2025-64446 | | 2025-11-26
FileHash-MD5 | 9912bb2d82218ba504c28e96816315b3 | MD5 of f7605fc8a1ee5f21aec55da04dbaa95a05db95b5e7851b172a5d30c7fb1da885 | 2025-11-26
FileHash-SHA1 | 991a247a432e782f9a46ba1432708848dab91a23 | SHA1 of f7605fc8a1ee5f21aec55da04dbaa95a05db95b5e7851b172a5d30c7fb1da885 | 2025-11-26
FileHash-SHA256 | f7605fc8a1ee5f21aec55da04dbaa95a05db95b5e7851b172a5d30c7fb1da885 | | 2025-11-26
domain | basilic.info | | 2025-11-26
domain | carnesmemdesa.com | | 2025-11-26
domain | imprimerie-agp.com | | 2025-11-26
domain | orlandoscreenenclosure.net | | 2025-11-26
domain | ozivoice.com | | 2025-11-26
domain | smashingboss.com | | 2025-11-26
domain | solarrayes.com | | 2025-11-26
domain | srlaptop.com | | 2025-11-26
domain | withheldforprivacy.com | | 2025-11-26
hostname | africa.thesmalladventureguide.com | | 2025-11-26
hostname | email.smashingboss.com | | 2025-11-26
hostname | realty.yourpgcountyliving.com | | 2025-11-26
hostname | virtual.urban-orthodontics.com | | 2025-11-26

Notes on the list: the MD5, SHA1 and SHA256 rows all describe the same file, so the pulse carries one file sample, one CVE, nine domains and four hostnames. withheldforprivacy.com is the domain of a registrar WHOIS-privacy service, the redaction contact that appears in the WHOIS records of a great many domains; it is not attacker infrastructure, and blocking or alerting on it will generate false positives, so treat it as a WHOIS lookup artifact rather than an indicator. The CVE row carries no description, and the pulse does not say how, or whether, that vulnerability was used in this intrusion.
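As an added example (not code from the OTX pulse or its author), the following Python sweeps DNS query logs and file digests against the indicators listed above. The domains, hostnames and hashes are copied from the table; the log line format, the client IP addresses and the file bytes are constructed assumptions. Hostname indicators match exactly, domain indicators match the apex and any label-aligned subdomain, and the three hash rows are treated as one file indicator.

```python
"""Sweep DNS logs and file hashes against the indicators in this pulse.

Added example for this page, not code from the OTX pulse or its author.
The log lines and the file bytes below are constructed for illustration.
"""
import hashlib
import re

# Network indicators copied from the pulse's IOC table. The pulse also lists
# withheldforprivacy.com, the domain of a registrar WHOIS-privacy service;
# it is excluded here because alerting on it only produces noise.
DOMAINS = {
    "basilic.info", "carnesmemdesa.com", "imprimerie-agp.com",
    "orlandoscreenenclosure.net", "ozivoice.com", "smashingboss.com",
    "solarrayes.com", "srlaptop.com",
}
HOSTNAMES = {
    "africa.thesmalladventureguide.com", "email.smashingboss.com",
    "realty.yourpgcountyliving.com", "virtual.urban-orthodontics.com",
}

# The three hash rows in the table describe one file, so they are kept
# together: a hit on any algorithm identifies that sample.
FILE_IOCS = [{
    "md5": "9912bb2d82218ba504c28e96816315b3",
    "sha1": "991a247a432e782f9a46ba1432708848dab91a23",
    "sha256": "f7605fc8a1ee5f21aec55da04dbaa95a05db95b5e7851b172a5d30c7fb1da885",
}]


def match_host(qname):
    """Return the indicator a queried name hits, or None.

    Hostname IOCs match exactly; domain IOCs match the apex and any
    subdomain, but only as a label-aligned suffix, so a lookalike such as
    ozivoice.com.example.net does not match.
    """
    name = qname.lower().rstrip(".")
    if name in HOSTNAMES:
        return name
    labels = name.split(".")
    for i in range(len(labels) - 1):
        suffix = ".".join(labels[i:])
        if suffix in DOMAINS:
            return suffix
    return None


# Constructed log format (assumption): "<timestamp> <client-ip> <qname> <qtype>"
LOG_RE = re.compile(r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\S+)$")


def sweep_dns(lines):
    """Return a list of (client_ip, qname, indicator) for every query that hits an IOC."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than failing the sweep
        _, client, qname, _ = m.groups()
        ioc = match_host(qname)
        if ioc:
            hits.append((client, qname.lower().rstrip("."), ioc))
    return hits


def digests(data):
    """Compute the three digest types the pulse uses for a file's bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_file(digest_map):
    """Return the indices of FILE_IOCS that share any digest with the file."""
    return [
        i for i, ioc in enumerate(FILE_IOCS)
        if any(digest_map.get(alg) == val for alg, val in ioc.items())
    ]


# Constructed DNS log lines (not real telemetry).
SAMPLE_LOG = [
    "2025-11-26T14:02:11Z 10.1.4.22 cdn.ozivoice.com. A",               # subdomain of a listed domain
    "2025-11-26T14:02:15Z 10.1.4.22 virtual.urban-orthodontics.com A",  # listed hostname
    "2025-11-26T14:03:01Z 10.1.4.31 ozivoice.com.example.net A",        # lookalike, must not match
    "2025-11-26T14:03:09Z 10.1.4.31 www.example.com A",                 # benign
    "garbage line without the expected fields",
]

if __name__ == "__main__":
    for client, qname, ioc in sweep_dns(SAMPLE_LOG):
        print(f"{client} queried {qname} (matches {ioc})")
    # A constructed blob will not match the real sample; the lookup shape is
    # what matters when pointed at files collected from an endpoint.
    print("file matches:", match_file(digests(b"not the real payload")))
```

The suffix check walks label boundaries rather than using a plain `endswith`, which is what keeps `notozivoice.com` and `ozivoice.com.example.net` from producing false hits; the CVE entry is not included because the pulse gives no detail on how it relates to the intrusion.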