The Russian-speaking threat actor group tracked as UAT-5647, also known as RomCom, has been observed targeting Ukrainian government entities and unknown Polish entities since late 2023. The group has expanded its arsenal to four distinct malware families: RustClaw and MeltingClaw (downloaders), DustyHammock (a Rust-based backdoor), and ShadyHammock (a C++-based backdoor). UAT-5647’s attacks likely follow a two-pronged strategy: establishing long-term access for espionage, and potentially pivoting to ransomware deployment to disrupt victims and profit financially from the compromise.
The Gamaredon APT (Advanced Persistent Threat) group has launched a spear-phishing campaign targeting Ukrainian military personnel. The group, also known as Primitive Bear or Armageddon, is a Russian-affiliated threat actor with a history of targeting Ukrainian government and critical infrastructure. The campaign uses emails disguised as military summons, carrying malicious attachments designed to deliver payloads capable of exfiltrating sensitive data from compromised systems. This campaign highlights the ongoing cyber warfare threat in Ukraine.