Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

APT

Ukraine sees surge in AI-Powered cyberattacks by Russia-linked Threat Actors

Russia-linked actors use AI to craft phishing and malware attacks against entities in Ukraine, says SSSCIP. Russian hackers increasingly use AI in cyberattacks against Ukraine, the country’s State Service for Special Communications and Information Protection (SSSCIP) reported. Beyond AI-generated phishing, some malware samples now show AI-generated code. In H1 2025, Ukraine recorded 3,018 cyber incidents, […]

Ukraine CERT-UA backdoor SSU PathWiper wiper

Russia-linked actors use AI to craft phishing and malware attacks against entities in Ukraine, says SSSCIP.

Russian hackers increasingly use AI in cyberattacks against Ukraine, the country’s State Service for Special Communications and Information Protection (SSSCIP) reported. Beyond AI-generated phishing, some malware samples now show AI-generated code. In H1 2025, Ukraine recorded 3,018 cyber incidents, up from 2,575 in late 2024. Attacks on local authorities and military entities rose, while those on government and energy sectors declined.

“In the first half of 2025, specialists from the National Cyber ​​Incident Response Team, Cyber ​​Attacks, and Cyber ​​Threats CERT-UA recorded a number of new activities in attacks against Ukraine.” states the report.

“As noted in the analytical report “Russian Cyber ​​Operations” for the first half of 2025, a radical change in tactics, techniques, and procedures, the involvement of “fresh blood” in attacks, indicate a decrease in the effectiveness of already known methods due to our effective countermeasures. We will talk about several groups.”

The report details several threat actors that targeted Ukraine, including UAC-0219, UAC-0218, and UAC-0226. UAC-0219 uses WRECKSTEEL to steal data and take screenshots, likely leveraging AI to generate PowerShell scripts. Active since late 2024, CERT-UA detected the APT activity in 2025.

According to the SSSCIP’s report, UAC-0218 has been active since 2024 but intensified in early 2025. Its phishing emails contain links to E-Disk archives hosted on UKR.NET, usually holding password-protected Office files and an encrypted VBE script delivering HOMESTEEL, a file-stealing malware.

UAC-0226 targets defense, government, and law enforcement sectors via malicious email attachments. It deploys Reverse-shell and GIFTEDCROOK, a stealer that extracts browser data and sends it to a hacker-controlled Telegram chat.

The government experts also warn of APT group UAC-0227, which has been active aince at least March 2025. CERT-UA has been tracking the group’s activity that is aimed at spying on local governments, critical infrastructure facilities, the Central Communications Commission and Joint Ventures, etc.

“To implement the threat, attackers send emails with various content. After trying different approaches to delivering the ransomware, the hackers settled on distributing an SVG file, which is a vector image that opens in a web browser by default.” continues the report. “Analysis of early UAC-0227 campaigns revealed files dated to late 2023 that indicate the same activity targeting European Union countries.”

Russia Ukraine

SSSCIP reported that Russia-linked cyberespionage group APT28 exploited XSS flaws in Roundcube and Zimbra webmail (CVE-2023-43770, CVE-2024-37383, CVE-2025-49113, CVE-2024-27443, CVE-2025-27915) for zero-click attacks.

“The use of legitimate online resources for malicious purposes is not a new tactic,” SSSCIP concludes. “However, the number of such platforms exploited by Russian hackers has been steadily increasing in recent times.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Russia)