A new threat activity cluster called InedibleOchotense, linked to Russia, has been impersonating ESET in phishing campaigns targeting Ukrainian organizations, using trojanized installers and backdoors. This activity overlaps with Sandworm’s destructive campaigns and other threat groups like RomCom exploiting vulnerabilities for geopolitical aims.
Key points
- InedibleOchotense is a new threat group impersonating ESET to target Ukrainian entities through phishing.
- The campaign uses trojanized ESET installers and signals for command-and-control, including the Kalambur backdoor.
- Threat activity overlaps with Sandworm’s destructive wiper campaigns and sub-clusters like UAC-0212 and UAC-0125.
- Sandworm has conducted wiper malware attacks on Ukraine’s government, energy, and logistics sectors.
- Romanian threat group RomCom exploited WinRAR zero-day vulnerabilities to conduct espionage and exfiltration in Europe and Canada.
Read More: https://thehackernews.com/2025/11/trojanized-eset-installers-drop.html