Tag: ukraine
-
Shuckworm Group Leverages GammaSteel Malware in Targeted PowerShell Attacks
The Russia-linked cyber-espionage group known as Shuckworm (also identified as Gamaredon or Armageddon) has been observed targeting a Western country’s military mission located within Ukraine, employing an updated, PowerShell-based version of its GammaSteel infostealer malware. This campaign, which began in late February 2025 and continued into March, signifies Shuckworm’s persistent focus on Ukrainian entities and…
-
Russian hackers attack Western military mission using malicious drive
The Russian state-backed hacking group Gamaredon (aka “Shuckworm”) has been targeting a military mission of a Western country in Ukraine in attacks likely deployed from removable drives. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-hackers-attack-western-military-mission-using-malicious-drive/
-
Tainted drive appears to be source of malware attack on Western military mission in Ukraine
Researchers at Symantec said the Russia-linked group known as Gamaredon appears to have departed from its usual email phishing tactics in hacking a Western military mission in Ukraine. First seen on therecord.media Jump to article: therecord.media/gamaredon-removable-drive-malware-western-military-mission-ukraine
-
Cyberbedrohungslage in Europa spitzt sich zu
Ein neuer Report belegt: Geopolitische Spannungen treiben Hacktivismus in die Höhe besonders die Ukraine steht im Fokus. Gleichzeitig boomt das Geschäft mit Ransomware-as-a-Service, das um 44 Prozent gewachsen ist. Zudem verzeichnet Europa einen starken Anstieg an Betrugsdelikten: 34 Prozent aller weltweiten Scams richteten sich gegen Finanzdienstleister in der Region. First seen on itsicherheit-online.com Jump to…
-
Shuckworm’s Sophisticated Cyber Campaign Targets Ukraine Military Mission
Russia-linked espionage group Shuckworm (also known as Gamaredon or Armageddon) has launched a renewed and more sophisticated cyber campaign targeting a foreign military mission based in Ukraine, according to a detailed report by the Symantec Threat Hunter Team. This latest wave of activity, which began in February 2025 and continued through March, underscores Shuckworm’s relentless…
-
Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine
The Russia-linked threat actor known as Gamaredon (aka Shuckworm) has been attributed to a cyber attack targeting a foreign military mission based in Ukraine with an aim to deliver an updated version of a known malware called GammaSteel.The group targeted the military mission of a Western country, per the Symantec Threat Hunter team, with first…
-
Sicherheitslücke: Details zum BlackEnergy-Trojaner bei PowerPoint
Im vergangenen Monat haben unsere Malware-Forscher bei der VirusBulletin-Konferenz in Seattle neue Erkenntnisse über den BlackEnergy-Trojaner und dessen spannende Evolution zu einer ausgefeilten Malware vorgestellt. Dieser Trojaner wurde überwiegend zu Spionagezwecken in der Ukraine und Polen eingesetzt. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2014/10/17/sicherheitslucke-details-zum-blackenergy-trojaner-bei-powerpoint/
-
BlackEnergy ist zurück: Angriffe betreffen Ukraine und Polen
Vor kurzem waren eine große Anzahl an staatlichen Organisationen und Privatunternehmen aus verschiedenen Branchen in der Ukraine und Polen Opfer von Cyberangriffen. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2014/09/23/blackenergy-ist-zuruck-angriffe-betreffen-ukraine-polen/
-
Ukraine subjected to new cyberespionage campaign
First seen on scworld.com Jump to article: www.scworld.com/brief/ukraine-subjected-to-new-cyberespionage-campaign
-
New GIFTEDCROOK Stealer Targets Government Organizations to Exfiltrate Sensitive Data
Cybersecurity experts have uncovered an alarming escalation in cyber-espionage operations targeting Ukrainian critical sectors, as outlined in CERT-UA’s latest alert, CERT-UA#14303. The campaign, attributed to the UAC-0226 hacking group, leverages a sophisticated C/C++-based stealer called GIFTEDCROOK to infiltrate systems, steal sensitive data, and exfiltrate it via covert channels. The operation has been active since February…
-
UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine
The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new set of cyber attacks targeting Ukrainian institutions with information-stealing malware.The activity is aimed at military formations, law enforcement agencies, and local self-government bodies, particularly those located near Ukraine’s eastern border, the agency said.The attacks involve distributing phishing emails First seen on thehackernews.com Jump…
-
Hackers are pretending to be drone companies and state agencies to spy on Ukrainian victims
The hackers have targeted Ukraine’s armed forces, law enforcement agencies and local government bodies, especially those near the country’s eastern border, which is close to Russia. First seen on therecord.media Jump to article: therecord.media/hackers-impersonate-drone-companies-state-agencies-spy-ukraine
-
Novel Wrecksteel malware deployed against Ukraine
First seen on scworld.com Jump to article: www.scworld.com/brief/novel-wrecksteel-malware-deployed-against-ukraine
-
CERT-UA reports attacks in March 2025 targeting Ukrainian agencies with WRECKSTEEL Malware
CERT-UA reported three cyberattacks targeting Ukraine’s state agencies and critical infrastructure to steal sensitive data. The Computer Emergency Response Team of Ukraine (CERT-UA) reported three cyberattacks in March 2025 targeting Ukrainian agencies and infrastructure to steal sensitive data. This activity is tracked under the identifier UAC-0219. >>The Ukrainian government’s computer emergency response team, CERT-UA, is…
-
CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware
Tags: attack, computer, country, cyber, cyberattack, email, infrastructure, malware, phishing, ukraineThe Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that no less than three cyber attacks were recorded against state administration bodies and critical infrastructure facilities in the country with an aim to steal sensitive data.The campaign, the agency said, involved the use of compromised email accounts to send phishing messages containing links pointing…
-
One mighty fine-looking report
Hazel highlights the key findings within Cisco Talos’ 2024 Year in Review (now available for download) and details our active tracking of an ongoing campaign targeting users in Ukraine with malicious LNK files. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/one-mighty-fine-looking-report/
-
Hackers hit Ukrainian state agencies, critical infrastructure with new ‘Wrecksteel’ malware
A Ukrainian cyber agency said a suspected espionage campaign using the new malware has been active seen the fall, with at least three incidents detected in March. First seen on therecord.media Jump to article: therecord.media/hackers-ukraine-critical-infrastructure-malware
-
UAC-0219 Hackers Leverage WRECKSTEEL PowerShell Stealer to Extract Data from Computers
Tags: attack, computer, cyber, cyberattack, data, government, group, hacker, malware, powershell, tool, ukraineIn a concerning development, CERT-UA, Ukraine’s Computer Emergency Response Team, has reported a series of cyberattacks attributed to the hacker group identified as UAC-0219. These attacks, which have been ongoing since the fall of 2024, utilize an advanced PowerShell-based malware tool named WRECKSTEEL to infiltrate computers and extract sensitive data. The primary targets include government…
-
Hackers target Ukrainian state agencies, critical infrastructure with new ‘Wrecksteel’ malware
A Ukrainian cyber agency said a suspected espionage campaign using the new malware has been active seen the fall, with at least three incidents detected in March. First seen on therecord.media Jump to article: therecord.media/hackers-ukraine-critical-infrastructure-malware
-
SmokeLoader Malware Uses Weaponized 7z Archives to Deliver Infostealers
A recent malware campaign has been observed targeting the First Ukrainian International Bank (PUMB), utilizing a stealthy malware loader, Emmenhtal, in conjunction with the SmokeLoader malware. This campaign demonstrates advanced tactics by financially motivated threat actors to distribute infostealers like CryptBot and Lumma Stealer. The attack chain begins with weaponized 7z archives and culminates in…
-
Western cyber aid to Ukraine faces strain as Russia’s war drags on
As the war between Russian and Ukraine continues, Western cyber support is waning, raising growing concerns about the long-term effectiveness of these efforts. First seen on therecord.media Jump to article: therecord.media/western-cyber-aid-to-ukraine-faces-strain-war-drags
-
Ongoing Gamaredon phishing campaign targets Ukraine with Remcos RAT
First seen on scworld.com Jump to article: www.scworld.com/brief/ongoing-gamaredon-phishing-campaign-targets-ukraine-with-remcos-rat
-
Ukraine Blames Russia for Railway Hack, Labels It Act of Terrorism
The CERT-UA investigation concluded that the attack’s techniques were “characteristic of Russian intelligence services” First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ukraine-russia-railway-hack/
-
Latest gambit for Gamaredon: Fake Ukraine troop movement documents with malicious links
The Kremlin-linked hacking group Gamaredon appears to be behind a recent campaign that aims to install a malicious version of the Remcos tool on Ukrainian computers. First seen on therecord.media Jump to article: therecord.media/gamaredon-phishing-campaign-fake-ukraine-documents-remcos
-
Russia-linked Gamaredon targets Ukraine with Remcos RAT
Tags: apt, attack, cyberespionage, group, phishing, powershell, rat, russia, spear-phishing, ukraineRussia-linked Gamaredon targets Ukraine with a phishing campaign using troop-related lures to deploy the Remcos RAT via PowerShell downloader. Talos researchers warn that Russia-linked APT group Gamaredon (a.k.a. Armageddon, Primitive Bear, ACTINIUM, Callisto) targets Ukraine with a phishing campaign. The cyberespionage group is behind a long series of spear-phishing attacks targeting Ukrainian entities, and organizations related…
-
Moscow subway app and website disrupted in possible retaliation for Ukraine railway hack
Tags: ukraineDuring an outage of the Moscow subway system’s app and website, the site displayed a message purportedly from Ukraine’s national railway operator, which was recently hit by a large-scale cyberattack. First seen on therecord.media Jump to article: therecord.media/moscow-subway-system-disruption-ukraine-hack-message
-
Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine
Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called Remcos RAT.”The file names use Russian words related to the movement of troops in Ukraine as a lure,” Cisco Talos researcher Guilherme Venere said in a report published last week. “The PowerShell downloader contacts geo-fenced…
-
Gamaredon Hackers Weaponize LNK Files to Deliver Remcos Backdoor
Cisco Talos has uncovered an ongoing cyber campaign by the Gamaredon threat actor group, targeting Ukrainian users with malicious LNK files to deliver the Remcos backdoor. Active since at least November 2024, this campaign employs spear-phishing tactics, leveraging themes related to the Ukraine conflict to lure victims into executing the malicious files. The LNK files,…