The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

GIFTEDCROOK Stealer Targets Ukraine

Apr 14, 2025 2:00:22 PM / by The Hivemind posted in Ukraine, Threat Bulletin, Espionage, Stealer, Infostealer, GiftedCrook

Verticals Targeted: Military, Law Enforcement, Government
Regions Targeted: Ukraine

Executive Summary

The Computer Emergency Response Team of Ukraine (CERT-UA) has identified a new phishing campaign by UAC-0226, deploying the GIFTEDCROOK stealer through malicious Excel files to compromise Ukrainian institutions. This operation targets sensitive data from military, law enforcement, and local government entities, leveraging socially engineered lures for execution.

Primitive Bear Using LNK Files to Deploy Remcos Backdoor Against Ukrainian Targets

Apr 4, 2025 2:48:44 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Primitive Bear, LNK, Gamaredon, Remcos

Related Families: Remcos

Executive Summary

Primitive Bear has been observed targeting Ukrainian users with malicious LNK files since at least November 2024. This operation employs a PowerShell downloader and DLL side-loading techniques to deliver the Remcos RAT, exploiting war-related themed lures to deceive victims.

AcidPour Wiper Targets Linux x86 Devices

Mar 29, 2024 12:44:53 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Linux, AcidRain, AcidPour, x86

Related Families: AcidRain
Verticals Targeted: Telecommunications

Executive Summary

AcidPour, a variant of AcidRain, was recently observed targeting entities in Ukraine. The targets likely included telecommunications entities.

PurpleFox Botnet Targeting Entities in Ukraine

Feb 16, 2024 11:44:26 AM / by The Hivemind posted in Ukraine, Threat Bulletin, Backdoor, Trojan, Botnet, rootkit, Exploit Kit, PurpleFox

Executive Summary

Fancy Bear Campaign Leverages New Malware

Jan 12, 2024 11:42:16 AM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Espionage, Government, Fancy Bear, STEELHOOK, OCEANMAP, MASEPIE

Related Families: OCEANMAP, MASEPIE, STEELHOOK
Verticals Targeted: Government

Executive Summary

Fancy Bear was recently observed engaging in a phishing campaign targeting entities in Ukraine. In the campaign, the threat actors used three never-before-seen malware families: OCEANMAP, MASEPIE, and STEELHOOK.

2023 Recap - Cyberwar and Hacktivism in the Russia-Ukraine Conflict

Dec 8, 2023 1:17:32 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Primitive Bear, Cozy Bear, Killnet, Cadet Blizzard, LitterDrifter, Ghost Writer, Fancy Bear, VooDoo Bear, RedStinger, Nodaria, Cyber Regiment, IT Army of Ukraine, KibOrg, NLB

Executive Summary

The Russia-Ukraine conflict has continued throughout 2023, with a plethora of both state-sponsored and hacktivist cyber activity taking place alongside kinetic warfare. In this report, PolySwarm provides the highlights of cyber activity associated with the Russia-Ukraine conflict in 2023.

PicassoLoader

Jul 21, 2023 2:15:50 PM / by The Hivemind posted in Ukraine, Threat Bulletin, Espionage, Belarus, Poland, PicassoLoader, GhostWriter

Verticals Targeted: Government, Military, Various

Executive Summary

PicassoLoader, a downloader, was observed targeting government, military, and civilian entities in Ukraine and Poland. CERT-UA attributed this activity to GhostWriter.

RedStinger Targets Critical Infrastructure

May 22, 2023 3:49:00 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Government, Critical Infrastructure, Transportation, Bad Magic

Related Families: DboxShell, PowerMagic
Verticals Targeted: Defense, Critical Infrastructure, Transportation

Executive Summary

RedStinger, a relatively unknown threat actor group, targeted multiple entities in Ukraine, including those in the defense, transportation, and critical infrastructure verticals.
