Cybersecurity researchers have uncovered a sophisticated spear-phishing campaign called PhantomCaptcha that targets organizations involved in Ukraine’s war relief. The campaign uses WebSocket-based remote access Trojans and social engineering tactics to infiltrate high-profile entities, showcasing a high level of operational planning and stealth.
Key points
- The PhantomCaptcha campaign targets international organizations supporting Ukraine’s war relief effort.
- Phishing emails impersonate the Ukrainian President’s Office and lure victims to a fake Zoom site.
- The attack chain includes malicious PowerShell commands leading to a remote access Trojan hosted on Russian-owned infrastructure.
- The malware enables remote command execution, data exfiltration, and additional malware deployment.
- The campaign exhibits extensive operational security, with infrastructure registered months before the attack and minimal domain activity.
Read More: https://thehackernews.com/2025/10/ukraine-aid-groups-targeted-through.html