Tag: ukraine
-
Gamaredon group expands malware arsenal in ongoing Ukraine cyberattacks
First seen on scworld.com Jump to article: www.scworld.com/brief/gamaredon-group-expands-malware-arsenal-in-ongoing-ukraine-cyberattacks
-
XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t
Police arrested the alleged admin of XSS.is, a major cybercrime forum whose trusted escrow service helped power the underground economy. On 22 July 2025, French and Ukrainian police arrested a 38-year-old man in Kyiv and shut down XSS.is, the most influential Russian-language cybercrime forum of the past decade. Europol, which coordinated the operation under the…
-
Kremlin Expands AI-Backed Campaigns Across Europe, US
GenAI Is Accelerating Propaganda, Planning and Content Creation. Google Threat Intelligence Group says Russia is expanding AI-enabled influence operations beyond Ukraine to target the European Union and NATO, relying on proxy networks, hacktivists and coordinated cyber campaigns to undermine Western cohesion while reducing attribution. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/google-kremlin-expands-ai-backed-campaigns-across-europe-us-a-32120
-
Ukraine to use seized crypto from cybercrime group to buy war bonds
Ukraine’s Asset Recovery and Management Agency (ARMA), which manages property seized in criminal proceedings, said more than $8.3 million in cryptocurrency had been transferred to its official digital wallet following a court order. First seen on therecord.media Jump to article: therecord.media/ukraine-uses-seized-crypto-cybercrime-for-war-bonds
-
Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse
A Russian advanced persistent threat (APT) group has continued to evolve and expand its malware arsenal as part of its ongoing cyber onslaught against Ukraine throughout 2025. Slovakian cybersecurity company ESET said it observed 35 distinct spear-phishing campaigns mounted by Gamaredon against new targets, with most of them taking place in the second half of the…
-
SSU and FBI Uncover Russian Cyber Espionage Operation Against Officials and Military Personnel
Tags: cyber, data-breach, espionage, government, hacking, intelligence, military, russia, service, ukraine
Ukraine’s SSU and the FBI Just Confirmed Russian Intelligence Has Been Systematically Hacking Messenger Accounts for Years. The Security Service of Ukraine (SSU), working jointly with the FBI, has formally exposed a sustained Russian intelligence campaign targeting the messaging accounts of government officials, military personnel, politicians, and activists across Ukraine, Europe, and the United States.…
-
Ghostwriter Hackers Use Real-Time WebSocket Relay to Bypass SMS and OTP MFA
UNC1151, tracked by many as Ghostwriter or FrostyNeighbor, has advanced a credential-phishing technique that uses a real-time WebSocket relay to defeat SMS and OTP-based multi-factor authentication (MFA). The method was observed in a recent campaign that targeted Belarusian politician Yury Hubarevich and multiple Ukrainian portals, and Censys pivots show the infrastructure spans dozens of domains…
-
Turla group deploys new STOCKSTAY backdoor against Ukraine and Italy
First seen on scworld.com Jump to article: www.scworld.com/brief/turla-group-deploys-new-stockstay-backdoor-against-ukraine-and-italy
-
Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials
The Security Service of Ukraine (SSU) said it, together with the U.S. Federal Bureau of Investigation (FBI), uncovered a long-running campaign orchestrated by Russian intelligence services to break into the messaging accounts of government officials, military personnel, politicians, and activists in Ukraine, Europe, and the U.S. The systematic cyber attacks aimed at stealing sensitive First seen…
-
Turla group adds more malware to Russia’s espionage efforts against Ukraine
Threat intelligence researchers at Google described StockStay, the latest malware developed by the Russian cyber-espionage group known as Turla. First seen on therecord.media Jump to article: therecord.media/russia-turla-espionage-ukraine-stockstay-malware
-
Hackers Exploit WinRAR CVE-2025-8088 to Plant Startup Shortcut and Run PowerShell Loader
Hackers have weaponized a WinRAR path-traversal flaw tracked as CVE-2025-8088 to silently plant a Startup shortcut and run a multi-stage PowerShell loader that maps a headerless, reflectively loaded PE in memory. The campaign reuses the Ukrainian reconnaissance-themed lure seen in earlier UAC-0226/GIFTEDCROOK activity but significantly advances operational packaging: instead of relying on a user to…
-
Google Details Turla’s New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks
The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that has been deployed against government and military organizations in Ukraine, and entities that have an interest in Italian foreign policy. Describing the Windows backdoor as continually developed by the hacking group, Google Threat Intelligence Group (…
-
Ukraine’s state postal operator reports app disruption after cyberattack
Ukraine’s state-owned postal operator said it was experiencing disruptions to some of its app services due to a suspected cyberattack, but did not say who was behind it. First seen on therecord.media Jump to article: therecord.media/ukraine-state-postal-operator-reports-disruption
-
Russia’s Gamaredon Adapts Tactics to Target Ukraine
Tags: cloud, data, espionage, infrastructure, malware, phishing, russia, spear-phishing, tactics, ukraine
Eset Documents New Malware Families and Infrastructure Tactics. Eset found Russia’s FSB-linked Gamaredon expanded its malware toolkit, launched dozens of spear-phishing campaigns, and increasingly relied on legitimate cloud, tunneling and social platforms to conceal C2 infrastructure, exfiltrate data and sustain espionage operations targeting Ukraine. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/russias-gamaredon-adapts-tactics-to-target-ukraine-a-32068
-
New GhostShell Hacking Group Targets Ukraine’s Drone Defense Sector
Researchers warn GhostShell is using fake drone documents to target Ukrainian defence teams, stealing passwords and sensitive data in a new cyber campaign. First seen on hackread.com Jump to article: hackread.com/ghostshell-hacking-group-ukraine-drone-defense-sector/
-
Hackers Exploit RAR Vulnerability to Drop Startup VBS in Ukraine UAV Malware Campaign
A newly observed espionage campaign targeting Ukraine’s unmanned aerial vehicle (UAV) ecosystem leverages a RAR archive exploit to install a persistent VBS loader, which then retrieves a Windows payload linked to an emergent actor the researcher calls GhostShell (Malwarebox ID MB-0009). The initial artifact is an archive named Besomar_documentation.rar, distributed with decoy PDF files mimicking…
-
APT Report: Russian Cyberattacks on Ukraine Continue to Escalate
The report “Nation-Aligned APTs in 2025” from TrendAI, the cybersecurity division of Trend Micro, paints a markedly more severe picture of the global threat landscape. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/apt-russische-cyberangriffe-ukraine
-
EU grants Ukraine access to cybersecurity reserve for major attacks
As Kyiv takes steps toward formal accession to the EU, the bloc is integrating Ukraine with its pool of pre-approved cybersecurity incident response companies. First seen on therecord.media Jump to article: therecord.media/ukraine-access-eu-cybersecurity-reserve
-
EU Security Experts to Support Ukrainian Organizations in Case of Cyber-Attacks
Ukraine has been added to the EU Cybersecurity Reserve, which provides incident response services against large-scale incidents. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ukraine-included-eu-cyber-reserve/
-
Ukraine can now tap EU cyber support during major attacks
Ukraine can now call on emergency cyber support from the European Union during large-scale cybersecurity incidents. The move follows a decision by the Council of the European … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/17/ukraine-eu-cybersecurity-reserve-support/
-
Ukrainian national pleads guilty in connection with Conti ransomware
A Ukrainian national pleaded guilty to conspiracy to commit wire fraud in connection with the deployment of Conti ransomware, which targeted more than 1,000 victims worldwide. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/15/conti-ransomware-member-pleads-guilty/
-
Russia-Aligned Hackers Exploit Old WinRAR Vulnerability to Target Ukrainian Organizations
CVE-2025-8088, a WinRAR path traversal vulnerability patched in July 2025, remains a potent initial access vector for multiple intrusion sets targeting Ukraine. Analysis of attacks through April 2026 shows at least two distinct campaigns exploiting this vulnerability: a compiled-stealer chain attributed to an intrusion set we temporarily label SHADOW-EARTH-066 (tracked by CERT-UA as UAC-0226) and…
-
Is Europe Asleep on Cyberattacks Against Water Utilities?
When one thinks of cyberwar, water utilities rarely come to mind as a target. In recent years, however, and particularly in connection with the wars in Ukraine and Iran, they have been among the critical infrastructure sectors that have come most sharply into focus. Management Summary: Water utilities are increasingly coming into the crosshairs… First…
-
Ukrainian Extradited from Ireland Pleads Guilty Over Role in Conti Ransomware Scheme
Ukrainian national Oleksii Lytvynenko pleaded guilty in the U.S. for his role in Conti ransomware attacks targeting victims worldwide. Oleksii Oleksiyovych Lytvynenko (44), a Ukrainian national extradited from Ireland to the U.S., has pleaded guilty to conspiracy to commit wire fraud for his involvement in the Conti ransomware operation. Prosecutors said he helped conduct attacks…
-
Extradited Ukrainian Man Admits Role in Conti Ransomware Attacks
Ukrainian national Oleksii Lytvynenko has pleaded guilty in the US to wire fraud conspiracy linked to Conti ransomware, which hit more than 1,000 victims and generated at least $150 million in ransom payments. First seen on hackread.com Jump to article: hackread.com/extradited-ukrainian-admits-conti-ransomware-attacks/

