Advertisement

Russian Intelligence Steals Messaging Credentials via SMS Lures
Ukraine and the FBI expose a long-running Russian intelligence campaign using fake support messages to compromise officials' messaging accounts.
Turla's STOCKSTAY Backdoor: Analysis of Campaigns & WinRAR Exploit
Google Threat Intelligence details STOCKSTAY, Turla's .NET backdoor for espionage targeting Ukraine and Europe, leveraging RDP & CVE-2025-8088.

Russian APT Gamaredon Upgrades UAC-0010 Malware Arsenal
Analysis of Russian APT Gamaredon's (UAC-0010) upgraded arsenal, featuring stealthier Pterodo malware loading and volatile C2 infrastructure rotation.
Turla APT Deploys StockStay Backdoor in Ukraine Espionage Campaign
Russian APT Turla targets Ukrainian government and military entities with the custom StockStay backdoor for persistent access and cyber espionage.

Turla Deploys New STOCKSTAY Backdoor in Ukraine Espionage Operations
Google identifies STOCKSTAY, a new .NET backdoor by Russian actor Turla targeting Ukrainian military and Italian foreign policy interests via Windows systems.

CVE-2023-38831: Russian APTs Target Ukraine via WinRAR Flaw
Russian threat actors are exploiting the CVE-2023-38831 WinRAR vulnerability to target Ukrainian government and military entities for data theft.

CVE-2025-8088: Russia-Aligned Groups Exploit WinRAR Flaw in Ukraine
Russia-linked actors Earth Dahu and UAC-0226 exploit the CVE-2025-8088 WinRAR path traversal flaw to deploy info-stealers against Ukrainian organizations.

Gamaredon Exploits WinRAR CVE-2025-8088 to Target Ukraine
Russian threat actor Gamaredon weaponizes a WinRAR path traversal flaw to deploy GammaWorm and GammaSteel malware against Ukrainian entities.

GREYVIBE: Russian Actor's AI-Powered Cyberattacks Target Ukraine
Analysis of GREYVIBE, a newly discovered Russian-linked threat actor utilizing AI-powered techniques to target Ukrainian entities since August 2025.
GreyVibe Actor Leverages AI Lures to Target Ukrainian Entities
Russian threat cluster GreyVibe uses ChatGPT and Gemini to automate highly targeted phishing lures and deploy custom malware against Ukrainian targets.

Ghostwriter Targets Ukraine Government with Prometheus Phishing
Belarus-aligned Ghostwriter (UAC-0057) targets Ukrainian government entities with Prometheus-themed phishing emails to deploy sophisticated malware. Learn detection and

FrostyNeighbor APT Targets Poland/Ukraine Gov with Spear-Phishing
Belarussian APT 'FrostyNeighbor' is deploying spear-phishing campaigns against Polish and Ukrainian government entities after unique victim fingerprinting, aiming for