Ukraine
-
GREYVIBE campaign targets Ukraine with phishing, fake sites and AI tools
GREYVIBE has targeted Ukraine-linked entities since at least August 2025 using phishing, fake CAPTCHA pages and fraudulent websites, while a WithSecure analysis says the group appears to have used AI tools to speed malware development.
-
Ukraine says it identified 18-year-old suspect in infostealer case tied to 28,000 accounts
Ukraine said it identified an 18-year-old suspect in Odesa in an infostealer case tied to 28,000 customer accounts, with 5,800 used for unauthorized purchases totaling about $721,000.
-
Ghostwriter targets Ukrainian government entities in fresh phishing campaign
Ghostwriter has been tied to new attacks on Ukrainian government entities since March 2026, using malicious PDFs, geofencing checks and a JavaScript version of PicassoLoader to deliver Cobalt Strike, according to an ESET technical analysis.
-
CERT-UA impersonation phishing campaign spread AGEWHEEZE malware
A phishing campaign impersonating Ukraine’s CERT-UA spread AGEWHEEZE malware to organizations and individuals in March, though officials said only a small number of personal devices were infected.
-
Denmark blames Russia for destructive cyberattack on water utility, names hacker groups
Denmark’s Defence Intelligence Service accused Russia of directing cyberattacks against Danish critical infrastructure, naming Z-Pentest and NoName057(16), and said the activity formed part of a Russian hybrid campaign that has used elections to attract attention.
-
Poland detains three Ukrainian nationals over alleged use of advanced hacking equipment
Polish police arrested three Ukrainian nationals, aged 39–43, accusing them of attempting to damage IT systems and obtaining data important to national defence; officers seized hacking equipment including a Flipper device, multiple SIM cards and other electronics, and have detained the men for three months pending trial.
-
One-day ‘PhantomCaptcha’ spearphishing campaign delivered WebSocket RAT to Ukraine relief organizations
A one-day PhantomCaptcha spearphishing campaign on Oct. 8 used fake CAPTCHA prompts and ClickFix-style commands to install a WebSocket RAT, targeting Ukrainian regional officials and organisations involved in war relief, researchers said.
-
Ukraine agency says Russian-linked hackers used AI to aid cyber attacks in H1 2025
Ukraine’s SSSCIP said Russian-linked hackers increased use of AI in cyber attacks in H1 2025, recording 3,018 incidents and using AI-generated phishing and malware while exploiting webmail flaws and abusing legitimate cloud services.
-
Phishing campaign impersonates Ukrainian police to deliver data stealer and cryptominer
FortiGuard Labs reported a fileless phishing campaign impersonating Ukraine’s National Police that uses malicious SVG attachments to deliver Amatera Stealer and PureMiner, harvesting credentials and installing a cryptominer on Windows systems.
-
ESET: Gamaredon and Turla Coordinating Campaign Targets Ukrainian Institutions, Deploying Kazuar Backdoor
Security researchers have identified a coordinated campaign between Gamaredon and Turla targeting Ukrainian entities, with Kazuar backdoor deployments signaling active collaboration and evolving tactics across multiple campaigns in early 2025.
