CVE Tools
Back to feed
The Hacker News ·EN News source Exploited in the wild Gamaredon

Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse

By The Hacker News··3 min read
CVE Tools coverage

The Russian APT group Gamaredon has intensified its cyber campaign against Ukraine throughout 2025 by expanding its malware and increasing the use of legitimate third-party online services for command-and-control, exfiltration, and “dead drop” infrastructure. ESET reports 35 spear-phishing campaigns targeting Ukrainian government and military organizations, including attacks that abused a patched WinRAR flaw tracked as CVE-2025-8088 to deliver an HTA downloader and establish persistence. This matters because the continued weaponization of archive-based delivery and cloud/service impersonation makes detection and disruption significantly harder across affected environments.