Ukraine Police Impersonators fileless phishing campaign targeting Ukrainian government Windows systems
Campaign
Summary
A fileless phishing campaign impersonating the National Police of Ukraine is delivering Amatera Stealer and PureMiner, putting government Windows systems in Ukraine at risk of credential theft and cryptomining. The operation uses malicious SVG attachments that launch a fileless attack chain through a download page, password-protected archive, CHM file, and HTA CountLoader. The campaign is rated high-severity and includes IoCs for detection.
Related Happenings
Ghostwriter geofenced PDF spear-phishing campaign targeting Ukrainian government entities
Campaign
First: 14.05.2026 17:00
Last: 14.05.2026 17:00
Sources 1
About this happening:
The **Ghostwriter / FrostyNeighbor** group is running a **geofenced spear-phishing campaign** against **government entities in Ukraine**, and the operation matters because it deli...
Vidar Stealer ClickFix campaign targeting multiple sectors
Campaign
First: 08.05.2026 14:00
Last: 08.05.2026 14:00
Sources 1
About this happening:
The **Vidar Stealer** campaign is using **ClickFix** social engineering and compromised **WordPress** sites to deliver password-stealing malware, widening risk for **infrastructur...
APT28 Windows Shell LNK campaign targeting Ukraine and E.U. nations
Campaign
First: 28.04.2026 08:50
Last: 28.04.2026 08:50
Sources 1
About this happening:
A **December 2025** **APT28** campaign targeted **Ukraine** and **E.U. nations** with a **malicious Windows Shortcut (LNK)** chain that bypassed **Microsoft Defender SmartScreen**...
UAC-0247 phishing-led malware campaign targeting Ukrainian government and healthcare institutions
Campaign
First: 16.04.2026 09:20
Last: 16.04.2026 09:20
Sources 1
About this happening:
A **March-April 2026** **UAC-0247** phishing campaign targeted **Ukrainian government** and **municipal healthcare organizations**, using **malware delivery** to steal data from *...
AgingFly malware attacks local governments and hospitals in Ukraine
Malware Activity
First: 16.04.2026 00:57
Last: 16.04.2026 00:57
Sources 1
About this happening:
The **AgingFly** malware is now being deployed against **local governments and hospitals** in **Ukraine**, where it steals browser and WhatsApp authentication data and enables dee...
Timeline
29.09.2025 17:49 2 articles · 8mo ago
FortiGuard Labs details fileless phishing campaign impersonating the National Police of Ukraine
Initial Disclosure
FortiGuard Labs details a fileless phishing campaign impersonating the National Police of Ukraine and targeting Microsoft Windows machines at government entities in Ukraine with malicious SVG attachments such as "elektronni_zapit_NPU.svg". The chain uses a spoofed Adobe Reader interface, a password-protected archive, a CHM file, HTA CountLoader, and in-memory loading via PythonMemoryModule to deliver Amatera Stealer and PureMiner, which steal credentials, browser and application data, cryptocurrency wallets, and system information while also mining cryptocurrency. FortiGuard Labs rates the campaign high-severity and provides IoCs, including domains/IP addresses and files, to support detection.
Sources
- Ukrainian Cops Spoofed in Fileless Phishing Attacks on Kyiv — www.darkreading.com — 29.09.2025 17:49