Summary: A new wave of cyberattacks has been reported in Ukraine, focusing on military and governmental entities, utilizing advanced information-stealing malware like GIFTEDCROOK. The attacks involve phishing emails with malicious Excel attachments that, once activated, deploy harmful scripts and exfiltrate sensitive data. This is part of a broader trend of espionage efforts linked to various threat groups targeting both Ukrainian and European institutions.
Affected: Ukrainian institutions, military formations, law enforcement agencies
Keypoints:
- Cyber attacks aim at military, law enforcement, and governmental bodies near Ukraine’s eastern border.
- Phishing emails contain a macro-enabled Excel file that deploys GIFTEDCROOK and a PowerShell script when opened.
- GIFTEDCROOK steals sensitive browser data, including cookies and authentication details, from multiple web browsers.
- The activity has been attributed to threat cluster UAC-0226, with possible ties to espionage actors like UNC5837 targeting European military organizations.
- Recent phishing campaigns have involved fake CAPTCHAs to facilitate the deployment of Legion Loader, which installs malicious browser extensions.
Source: https://thehackernews.com/2025/04/uac-0226-deploys-giftedcrook-stealer.html