Tag: ukraine
-
Conti ransomware group member pleads guilty, faces up to 20 years in prison
Oleksii Lytvynenko, a 44-year-old Ukrainian national, admitted to joining the prolific cybercrime group in 2021. Officials said he engaged in cybercrime up until his arrest in Ireland in 2023. First seen on cyberscoop.com Jump to article: cyberscoop.com/conti-ransomware-member-ukrainian-lytvynenko-guilty/
-
Ukrainian national pleads guilty to role in Conti ransomware operation
A Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tied to the Conti ransomware operation. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ukrainian-national-pleads-guilty-to-role-in-conti-ransomware-operation/
-
GRU-Linked APT28 Uses MooBot Botnet and Compromised EdgeRouters for Cyber Operations
A notable operational pivot by the GRU-linked intrusion set APT28 (aka Fancy Bear, Sofacy, Forest Blizzard, Pawn Storm) that combines the MooBot botnet and compromised EdgeRouters to enable resilient cyber operations. This shift amplifies APT28’s long-standing focus on NATO, Ukrainian and critical-infrastructure targets by moving key capabilities from traditional cloud VPS and commodity hosting into…
-
Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs
Two separate campaigns target CVE-2025-8088, fixed last July, to conduct data theft and cyberespionage against military and government targets in Ukraine. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/russian-groups-winrar-flaw-ukrainian-orgs
-
WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine
Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released. The activity has been attributed by Trend Micro to Earth Dahu (aka Gamaredon) and SHADOW-EARTH-066 (aka UAC-0226). It involves the exploitation of CVE-2025-8088, a path traversal flaw that…
-
Gamaredon Uses WinRAR Vulnerability to Launch Modular Spy Campaign on Ukrainian Targets
Gamaredon exploits a WinRAR flaw to drop modular, nearly fileless malware on Ukrainian targets, hiding payloads in Windows streams and resolving C2s via Telegram. Sekoia’s Threat Detection & Research team dropped a YARA rule in late December 2025 to hunt for new initial access vectors, and by January 2026 it had already generated a dozen…
-
Infosecurity Europe: Ukraine’s Experience Highlights the Need for Preparation and Resilience in Cybersecurity
Former Ukrainian foreign minister, Dmytro Kuleba, urges Infosecurity Europe attendees to fight the good fight First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/resilience-perseverance-ukraine/
-
Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine
The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per Sekoia, the activity involves the weaponization of CVE-2025-8088, a path traversal flaw in WinRAR, to launch an HTML Application payload dubbed GammaPhish, which is then used…
-
FSB Group Gamaredon Hides Worm in Windows Data Streams
FSB-linked Gamaredon concealed a fileless worm in NTFS data streams to spy on Ukraine targets First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/gamaredon-worm-ntfs-data-streams/
-
Ghostwriter Is Back, Using a Ukrainian Learning Platform as Bait to Hit Government Targets
Ghostwriter targeted Ukrainian government agencies with phishing emails delivering malware and Cobalt Strike payloads. The Belarus-nexus APT group Ghostwriter (also tracked as UAC-0057 and UNC1151) has resurfaced with a new phishing campaign targeting Ukrainian government organizations. This time the lure is Prometheus, a legitimate Ukrainian online learning platform that many government employees actually use. Using…
-
Belarus-linked Ghostwriter group targets Ukraine using Prometheus learning platform lures
First seen on scworld.com Jump to article: www.scworld.com/brief/belarus-linked-ghostwriter-group-targets-ukraine-using-prometheus-learning-platform-lures
-
Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151Ukraine’s National Security and Defense Council) has been observed using lures related to Prometheus, a Ukrainian online learning platform, to target government organizations in the country. The activity, per the Computer Emergency Response Team of Ukraine (CERT-UA), involves sending phishing emails to government First seen on…
-
Belarus-linked hackers use fake training certificates to target Ukrainian officials
A Belarus-linked hacking group known as GhostWriter has launched a new espionage campaign against Ukrainian government officials using fake emails disguised as messages from a popular online learning platform to deliver malware. First seen on therecord.media Jump to article: therecord.media/oysterfresh-belarus-linked-campaign-targets-ukraine
-
Ukraine identifies infostealer operator tied to 28,000 stolen accounts
The Ukrainian cyberpolice, working in conjunction with U.S. law enforcement, has identified an 18-year-old man from Odesa suspected of running an infostealer malware operation targeting users of an online store in California. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ukraine-identifies-infostealer-operator-tied-to-28-000-stolen-accounts/
-
Ukraine probes teen suspect in cyber theft scheme targeting California online shoppers
The investigation began after U.S. authorities informed their Ukrainian counterparts that hackers operating from Ukraine could be involved in attacks targeting users of American e-commerce platforms, Ukraine’s Prosecutor General said. First seen on therecord.media Jump to article: therecord.media/ukraine-probes-teen-suspect-cyber-theft-scheme
-
UAC-0184 Uses Bitsadmin and HTA Files to Deliver Gated Malware
UAC-0184 uses a multi-stage malware chain that abuses bitsadmin and HTA loaders to reach a heavily obfuscated payload bundle, ultimately hiding behind signed binaries such as VSLauncher.exe and PassMark Endpoint to gain stealthy network access on Ukrainian military networks. CERT-UA reporting through 2024-2025 highlights a focus on accounts belonging to the Armed Forces of Ukraine,…
-
Gamaredon Deploys GammaDrop, GammaLoad in Phishing Campaigns
Gamaredon Uses GammaDrop and GammaLoad Downloaders in Multi-Stage Phishing Attacks. A sustained cyber-espionage campaign linked to the Gamaredon threat group is actively targeting Ukrainian government entities using multi-stage phishing attacks and evolving malware loaders. Gamaredon, also known as UAC-0010 or Shuckworm, continues to exploit CVE-2025-8088, a directory traversal vulnerability in WinRAR that allows attackers to…
-
Former CISA nominee Sean Plankey named US CEO of defense startup
UFORCE, a London-based company founded by Ukrainians, is looking to make drones in America. First seen on cyberscoop.com Jump to article: cyberscoop.com/former-cisa-nominee-sean-plankey-named-us-ceo-of-defense-startup/
-
Ghostwriter group resumes attacks on Ukrainian Government targets
ESET uncovered new Ghostwriter (aka FrostyNeighbor) activity targeting Ukrainian government organizations in a campaign active since March 2026. ESET researchers published a new report documenting fresh activity attributed to the APT group FrostyNeighbor, aka Ghostwriter, active since at least March 2026, targeting Ukrainian governmental organizations. The campaign is similar to previous FrostyNeighbor campaigns. The threat…
-
Cybercrime: Europe's SMEs in the Crosshairs
The Federal Ministry of the Interior presented its current report on cybercrime in Germany this week, painting a clear picture of the threat landscape. The focus is particularly on the increasing attacks from Russia since the start of the war in Ukraine, rising ransomware cases, DDoS attacks, and the growing role of AI in the cybercrime context. Why the report is above all a structural problem for…
-
Hackers Exploit Scheduled Tasks for Persistence in FrostyNeighbor Attacks
Hackers linked to the long-running FrostyNeighbor cyber-espionage group have intensified attacks against Ukrainian government organizations, deploying updated techniques that rely on scheduled tasks for stealthy persistence and server-side validation to evade detection. FrostyNeighbor, also tracked as Ghostwriter, UNC1151, and TA445, has been active since at least 2016 and is widely believed to operate in alignment…
-
Breach Roundup: US Lawmakers Sound Alarm on AI Bug Hunters
Also, YellowKey Bypasses BitLocker, Škoda Breach, Kingdom Market Operator Jailed. This week, U.S. lawmakers urged action on AI, a BitLocker exploit. Škoda, Nvidia’s GeForce NOW partner and telehealth firm OpenLoop reported breaches. Patch Tuesday. A dark market operator sentenced and pro-Ukraine and Iranian-linked hacking. Nitrogen ransomware attack on Foxconn. First seen on govinfosecurity.com Jump to…
-
‘FrostyNeighbor’ APT Carefully Targets Govt Orgs in Poland, Ukraine
Attackers uniquely fingerprint victims before delivering spear-phishing payloads aimed at espionage, in the latest campaign from the Belarussian nation-state threat group. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/frostyneighbor-apt-govt-orgs-poland-ukraine
-
Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike
The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine. Active since at least 2016, Ghostwriter has been linked to both cyber espionage and influence operations targeting neighboring countries, particularly Ukraine. It’s also tracked under the monikers FrostyNeighbor, PUSHCHA, Storm-0257, TA445, UAC-0057 First seen on…
-
Hackers arrested for stealing and reselling 600,000 Roblox accounts
Ukrainian police detained three suspects accused of hacking into Roblox accounts and reselling the data on Russian websites, with payments made in cryptocurrency. Police raid … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/30/ukraine-roblox-account-hacking-scheme/
-
Large-scale Roblox hacking operation shut down by Ukrainian authorities
Ukrainian police arrested three hackers who hijacked 610,000 Roblox accounts and sold them for $225,000 in profit. Police in Ukraine arrested three suspects accused of hacking over 610,000 Roblox accounts and selling them for about $225,000. Officers carried out multiple searches in Lviv, seizing cash, phones, computers, laptops, tablets, and USB drives. The operation disrupted…

