PT-2025-48392
Name of the Vulnerable Software and Affected Versions: WinRAR versions prior to the fix for CVE-2025-80880. Description: A wiper named GamaWiper, based on VBScript, has been identified in attacks targeting Ukraine. The initial access is gained through the exploitation of a vulnerability in WinRAR. T...
CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks
Cybersecurity agencies from Australia, Canada, New Zealand, and the United States have published a joint advisory about the risks associated with a technique called fast flux that has been adopted by threat actors to obscure a command-and-control (C2) channel. "'Fast flux' is a technique used to...
OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal
During a threat-hunting exercise, Cisco Talos discovered documents with potentially confidential information originating from Ukraine. The documents contained malicious VBA code, indicating they may be used as lures to infect organizations. The results of the investigation have shown that the...
New Russian-Backed Gamaredon's Spyware Variants Targeting Ukrainian Authorities
The State Cyber Protection Centre (SCPC) of Ukraine has called out the Russian state-sponsored threat actor known as Gamaredon for its targeted cyber attacks on public authorities and critical information infrastructure in the country. The advanced persistent threat, also known as Actinium,...
Gamaredon Group Launches Cyberattacks Against Ukraine Using Telegram
The Russian state-sponsored cyber espionage group known as Gamaredon has continued its digital onslaught against Ukraine, with recent attacks leveraging the popular messaging app Telegram to strike military and law enforcement sectors in the country. "The Gamaredon group's network infrastructure...
Gamaredon APT cyber feud strikes Ukrainian entities
Threat Level Attack Report. Summary: One of the most ubiquitous, intrusive, consistently active, and laser-focused APTs targeting Ukraine in cyberspace is the Gamaredon group, also known as Shuckworm. Gamaredon Group has employed fast...
Ukraine's DELTA Military System Users Under Attack from Info Stealing Malware
The Computer Emergency Response Team of Ukraine (CERT-UA) this week disclosed that users of the Delta situational awareness program received phishing emails from a compromised email account belonging to the Ministry of Defense. The attacks, which have been attributed to a threat cluster dubbed...
Disrupting SEABORGIUM’s ongoing phishing operations
The Microsoft Threat Intelligence Center (MSTIC) has observed and taken actions to disrupt campaigns launched by SEABORGIUM, an actor Microsoft has tracked since 2017. SEABORGIUM is a threat actor that originates from Russia, with objectives and victimology that align closely with Russian state...
Attacks on European Union and Ukrainian government entities carried out by the Armageddon group
THREAT LEVEL: Red. The Computer Emergency Response Team of Ukraine (CERT-UA) has issued an alert warning of an ongoing spear-phishing attempt aimed at delivering an email with a malware attachment to Ukrainian government institutions and European...
EvilGnomes Linux malware record activities & spy on users
By Uzair Amir. The EvilGnomes Linux malware has been linked to infamous Russian threat actors from the Gamaredon Group. The IT security researchers at Intezer Labs have discovered a sophisticated new backdoor Linux malware in the wild that has been developed to target Linux devices. Dubbed...