OrcaC2
-
CERT-UA advisory outlines PLUGGYAPE campaign using Signal and WhatsApp against Ukrainian forces
A CERT-UA advisory says PLUGGYAPE was used in October to December 2025 attacks on Ukrainian defense forces. Delivery used Signal and WhatsApp links to passworded archives that installed a PyInstaller executable and a Python backdoor.
