Gamaredon Exploits WinRAR Flaw to Deploy GammaWorm in Ukraine
Russian FSB-linked hackers weaponize CVE-2025-8088 to spread self-propagating malware across Ukrainian networks. Worm spreads via USB and network shares.
12 articles tagged with "Ukraine"
Russian FSB-linked hackers weaponize CVE-2025-8088 to spread self-propagating malware across Ukrainian networks. Worm spreads via USB and network shares.
Russian-linked GREYVIBE threat actor deploys AI-generated malware including PhantomRelay and LegionRelay against Ukrainian military and government targets. WithSecure analysis reveals the group's OPSEC failures.
Russian military hackers deployed PRISMEX steganography malware against Ukraine and NATO logistics networks, exploiting zero-days CVE-2026-21509 and CVE-2026-21513 weeks before patches.
Pro-Ukrainian hacktivist group PhantomCore chains three TrueConf vulnerabilities including CVSS 9.8 command injection to infiltrate Russian government and private organizations since September 2025.
CERT-UA warns of ongoing campaign hitting Ukrainian clinics and government agencies with AGINGFLY backdoor. Attackers steal browser credentials, WhatsApp data, and deploy cryptominers.
Russian GRU's APT28 uses new PRISMEX malware suite with steganography and COM hijacking to target Ukraine defense and NATO logistics. Includes wiper capability.
Threat actor UAC-0255 sent 1 million phishing emails posing as CERT-UA to distribute the AGEWHEEZE remote access trojan targeting Ukrainian organizations.
Bearlyfy has hit 70+ Russian companies since January 2025, now deploying custom GenieLocker ransomware. The group blends financial extortion with politically motivated sabotage.
New JavaScript backdoor targets Ukrainian entities using Microsoft Edge's debugging features for stealth. S2 Grupo links campaign to Laundry Bear threat group.
Russian GRU-linked APT28 deploys BEARDSHELL and COVENANT implants for long-term surveillance of Ukrainian military personnel. ESET research reveals cloud storage abuse for C2.
Void Blizzard deploys PLUGGYAPE backdoor through Signal and WhatsApp, impersonating charitable organizations to compromise Ukrainian defense forces.
Artem Stryzhak admits role in double-extortion ransomware attacks targeting large US and European companies from 2018 to 2021.