The Hacker News ·EN News source Exploited in the wild Gamaredon
Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse
CVE Tools coverage
The Russian APT group Gamaredon has intensified its cyber campaign against Ukraine throughout 2025 by expanding its malware and increasing the use of legitimate third-party online services for command-and-control, exfiltration, and “dead drop” infrastructure. ESET reports 35 spear-phishing campaigns targeting Ukrainian government and military organizations, including attacks that abused a patched WinRAR flaw tracked as CVE-2025-8088 to deliver an HTA downloader and establish persistence. This matters because the continued weaponization of archive-based delivery and cloud/service impersonation makes detection and disruption significantly harder across affected environments.