Russian-linked threat actors targeted Ukrainian organizations using stealthy tactics involving living-off-the-land methods and web shells. The attacks exploited vulnerabilities and employed legitimate tools to remain undetected while stealing sensitive data. #Sandworm #CVE-2025-8088
Key points
- Threat actors targeted Ukrainian organizations with long-lasting stealth attacks using web shells and legitimate tools.
- Web shells like Localolive were used to facilitate initial access and subsequent reconnaissance activities.
- The attackers employed PowerShell commands, scheduled tasks, and benign applications to maintain persistence.
- Activities included data theft, system reconnaissance, and brute-force RDP connection modifications.
- Russian cyber operations show increasing integration with state interests and evolving tactics to avoid detection.
Read More: https://thehackernews.com/2025/10/russian-hackers-target-ukrainian.html