Tag: Ukraine
-

Ghost in the Inbox: How the “GhostMail” Attack Weaponized Zimbra’s Own API to Siphon Critical State Secrets
Phishing bombardments directed at webmail architectures are customarily orchestrated along a deeply familiar trajectory: a pernicious attachment, a venomous hyperlink, a compromised macro, or a subterranean downloader. However, within a nascent campaign leveled against a sovereign Ukrainian state institution, the malefactors completely eschewed this orthodox arsenal. The malicious architecture was seamlessly entombed directly within the…
-

The HoppingAnt Trail: Unmasking Operation CamelClone’s Global Diplomatic Siege
The specialists at Seqrite Labs have unearthed a sequence of cyberespionage incursions, christened Operation CamelClone. This campaign has simultaneously engulfed a multitude of nations, fixing its gaze upon sovereign state apparatuses, defense syndicates, and diplomatic enclaves. Forensic dissection revealed that the malefactors wielded an identical infection choreography and homologous lures, notwithstanding the disparate thematic nature…
-

Shadows in the Inbox: Ukraine’s CERT-UA Unmasks the UAC-0252 Phishing Blitz and its “PalachPro” Ties
In early 2026, malicious actors initiated a mass dissemination of emails masquerading as official communications from Ukrainian state authorities. Recipients were urged, under false pretenses, to “update mobile applications” pertinent to ubiquitous civilian and military services. Lurking beneath the veneer of these missives is a pernicious campaign that deploys a formidable arsenal of software designed to exfiltrate…
-

Three-Day Turnaround: How APT28 Rapidly Weaponized the Latest Microsoft Office Zero-Day
The sophisticated threat actor APT28 has commenced the exploitation of a nascent Microsoft Office vulnerability almost immediately following its public disclosure. According to researchers, these incursions were initiated within a mere three-day window, primarily targeting entities across Ukraine, Slovakia, and Romania. Security analysts at Zscaler have designated this campaign Operation Neusploit, which centers upon CVE-2026-21509—a…
-

Weaponizing Grief: Hive0156 Exploits Military Families in High-Stakes Phishing
Military and governmental institutions have once again found themselves in the crosshairs of a sophisticated spear-phishing campaign, where adversaries exploit the most poignant societal anxieties as a catalyst for deception. Cybersecurity experts have identified these emotionally charged lures as the primary mechanism for a newly discovered offensive. The operation is attributed to the threat actor…
-

Beyond Macros: Paper Werewolf’s “EchoGather” Backdoor Exploits Excel XLLs
The Excel format—long regarded as a harmless office staple—is increasingly being exploited as an entry point for cyberattacks. At the center of this trend are XLL files, specialized Excel add-ins that are, in reality, native Windows DLL libraries capable of executing arbitrary code immediately upon loading. This very mechanism was leveraged in late 2025 by…
-

APT-C-53 Hits Ukraine: New Attack Exploits WinRAR Flaw for Persistence
APT-C-53 has once again intensified its distribution of malicious attachments targeting organizations in Ukraine. The latest wave of attacks demonstrates that the group continues to refine its stealth-penetration toolkit and to update its initial-access techniques, pairing them with its long-established multilayered script-execution framework. According to the 360 Threat Intelligence Center, the attackers are exploiting CVE-2025-8088…
-

CERT-UA Warns: New Espionage Campaign Distributes CABINETRAT Backdoor via Signal Messenger XLL Files
CERT-UA has detected a new targeted campaign against Ukraine in which operators distribute malicious XLL modules inside ZIP archives via the Signal messenger, ultimately delivering the CABINETRAT backdoor to victims’ machines. The agency attributes the incidents to a cluster labeled UAC-0245 and provides a detailed analysis of the attack logic and the malware’s obfuscation techniques.…
-

New Phishing Campaign Impersonates Ukrainian Police to Deliver Amatera Stealer and PureMiner
Researchers at Fortinet FortiGuard Labs have uncovered a new cyber-attack campaign masquerading as communications from the National Police of Ukraine and employing an unusual malware delivery chain. The attackers dispatch emails with SVG attachments that trigger a multi-stage download sequence: first CountLoader, then the Amatera stealer, and finally a stealthy cryptocurrency miner named PureMiner. The…
-

Kingpin of Notorious XSS.is Cybercrime Forum Arrested in Ukraine After Europol-Led Sting
The Paris Prosecutor’s Office has announced the arrest in Ukraine of an alleged administrator of the Russian-language forum XSS.is, a site long recognized as one of the largest hubs of the cybercriminal underworld. The operation took place on July 22, in a coordinated effort involving Ukrainian law enforcement, French investigators, and Europol. According to prosecutors,…
-

Arctic Wolf Exposes “GIFTEDCROOK”: China-Linked APT Launches Evolving Cyber-Espionage on Ukraine Military
The hacker group UAC-0226 continues to aggressively evolve its malicious tool GIFTEDCROOK, which initially functioned as a browser data-stealing utility but has now acquired advanced capabilities, enabling the targeted exfiltration of confidential documents and files. Researchers at Arctic Wolf reported that in June 2025, a wave of new campaigns utilizing the enhanced version of GIFTEDCROOK…