Ukraine
Russian hackers breach orgs to track aid routes to Ukraine
A Russian state-sponsored cyberespionage campaign attributed to APT28 (Fancy Bear/Forest Blizzard) hackers has been targeting and compromising international organizations since 2022 to disrupt aid efforts to Ukraine. The hackers targeted entities in the defense, transportation, IT services, air traffic, and maritime sectors in 12 European countries and the United States. Additionally, the hackers have been […]
North Korea ramps up cyberspying in Ukraine to assess war risk
The state-backed North Korean threat group Konni (Opal Sleet, TA406) was observed targeting Ukrainian government entities in intelligence collection operations. The attackers use phishing emails that impersonate think tanks, referencing important political events or military developments to lure their targets. Proofpoint researchers who discovered the activity in February 2025 suggest that it’s likely an effort […]
Ukrainian extradited to US for Nefilim ransomware attacks
A Ukrainian national has been extradited from Spain to the United States to face charges over allegedly conducting Nefilim ransomware attacks against companies. The suspect, Artem Aleksandrovych Stryzhak, 35, was arrested in Spain in June 2024 and extradited to the U.S. on April 30, 2025. According to the U.S. Department of Justice, Stryzhak allegedly participated […]
Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts
Russian threat actors have been abusing legitimate OAuth 2.0 authentication workflows to hijack Microsoft 365 accounts of employees of organizations related to Ukraine and human rights. The adversary is impersonating officials from European countries and contact targets through WhatsApp and Signal messaging platforms. The purpose is to convince potential victims to provide Microsoft authorization codes that […]
Russian hackers attack Western military mission using malicious drive
The Russian state-backed hacking group Gamaredon (aka “Shuckworm”) has been targeting a military mission of a Western country in Ukraine in attacks likely deployed from removable drives. Symantec threat researchers say the campaign started in February 2025 and continued until March, with hackers deploying an updated version of the GammaSteel info-stealing malware to exfiltrate data. According to […]
Cyberattack takes down Ukrainian state railway’s online services
Ukrzaliznytsia, Ukraine’s national railway operator, has been hit by a massive cyberattack that disrupted online services for buying tickets both through mobile apps and the website. The incident forced people to booths to buy physical tickets, causing overcrowding, delays, long waiting times, and frustration. With trains being the only reliable and relatively safe means for people […]
Ukrainian military targeted in new Signal spear-phishing attacks
Ukraine’s Computer Emergency Response Team (CERT-UA) is warning about highly targeted attacks employing compromised Signal accounts to send malware to employees of defense industry firms and members of the country’s army forces. The bulletin mentions that the attacks started this month, with Signal messages containing archives posing as meeting reports. With some of these messages […]
Russian military hackers deploy malicious Windows activators in Ukraine
The Sandworm Russian military cyber-espionage group is targeting Windows users in Ukraine with trojanized Microsoft Key Management Service (KMS) activators and fake Windows updates. These attacks likely started in late 2023 and have now been linked by EclecticIQ threat analysts with Sandworm hackers based on overlapping infrastructure, consistent Tactics, Techniques and Procedures (TTPs), and frequently […]
7-Zip MotW bypass exploited in zero-day attacks against Ukraine
A 7-Zip vulnerability allowing attackers to bypass the Mark of the Web (MotW) Windows security feature was exploited by Russian hackers as a zero-day since September 2024. According to Trend Micro researchers, the flaw was used in SmokeLoader malware campaigns targeting the Ukrainian government and private organizations in the country. The Mark of the Web […]
Russian ISP confirms Ukrainian hackers “destroyed” its network
Ukrainian hacktivists, part of the Ukrainian Cyber Alliance group, announced on Tuesday they had breached Russian internet service provider Nodex’s network and wiped hacked systems after stealing sensitive documents. “The Russian internet provider Nodex in St. Petersburg was completely looted and wiped. Data exfiltrated, while the empty equipment without backups was left to them,” the […]