Summary: A recent phishing campaign targeting Ukrainian entities has been identified, using social engineering to distribute the Remcos remote access trojan (RAT). The campaign, attributed to the Russian hacking group Gamaredon, uses deceptive files related to military movements to trick victims. It highlights ongoing cyber espionage efforts associated with Russian Intelligence Services against Ukraine.
Affected: Ukrainian organizations
Key points:
- Phishing emails disguise malicious files as Microsoft Office documents related to the Russo-Ukrainian war.
- The campaign uses PowerShell scripts to download and execute the Remcos backdoor via DLL side-loading techniques.
- Silent Push has reported similar phishing activities targeting Russian individuals sympathetic to Ukraine, indicating coordinated espionage efforts.
Source: https://thehackernews.com/2025/03/russia-linked-gamaredon-uses-troop.html