UNC4487 Ukrainian government website redirection and malware delivery campaign
Campaign
Summary
UNC4487's Ukraine-focused redirection campaign remains significant because it uses compromised government websites to steer targets toward executing Matanbuchus or CHILLYHELL. The operation has been active since at least October 2022 and is tied to a suspected espionage actor. The targeting and delivery chain show a sustained effort against Ukrainian government entities rather than a one-off lure.
Related Happenings
Iranian MOIS Telegram malware campaign targeting opposition groups
Campaign
First: 23.03.2026 11:45
Last: 23.03.2026 11:45
Sources 1
About this happening:
The **FBI** warned that **Iranian MOIS-linked hackers** are using **Telegram C2** and **social engineering** to deliver **Windows malware** against journalists, dissidents, and ot...
NoName057(16) disruptive DDoS campaign against UK and European organisations
Campaign
First: 19.01.2026 17:30
Last: 19.01.2026 17:30
Sources 1
About this happening:
**NoName057(16)** and other Russian-aligned hacktivist groups are sustaining a **DoS/DDoS disruption campaign** against **UK organisations**, raising the risk of website outages a...
Roskomnadzor blocks Roblox access in Russia
Public Sector Action
First: 03.12.2025 19:33
Last: 03.12.2025 19:33
Sources 1
About this happening:
Russia's **Roskomnadzor** restricted access to **Roblox** in **Russia**, cutting off the gaming platform after alleging the spread of **extremist**, **terrorist**, and **LGBT prop...
APT24 BadAudio multi-delivery espionage campaign
Campaign
First: 21.11.2025 00:12
Last: 21.11.2025 00:12
Sources 1
About this happening:
**APT24** is running a **three-year espionage campaign** with **BadAudio** that has expanded into multiple delivery methods, increasing the operation's reach and stealth. Since **...
UAC-0218 phishing campaign targeting Ukraine defense forces
Campaign
First: 09.10.2025 12:10
Last: 09.10.2025 12:10
Sources 1
About this happening:
In **H1 2025**, **UAC-0218** ran a phishing campaign against **Ukraine's defense forces**, using **booby-trapped RAR archives** to deliver **HOMESTEEL**. The operation matters bec...
Timeline
10.09.2025 16:04 2 articles · 8mo ago
UNC4487 compromises Ukrainian government websites to deliver CHILLYHELL
Initial Disclosure: UNC4487, a suspected espionage actor active since at least October 2022, is observed compromising Ukrainian government entity websites to redirect and socially engineer targets into executing Matanbuchus or CHILLYHELL malware.
Sources:
- CHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux Systems — thehackernews.com — 10.09.2025 16:04