Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

UAC-0218 phishing campaign targeting Ukraine defense forces

Campaign
First reported
Last updated
Happening score
H score 51
1 unique sources, 1 articles

Summary

Hide ▲

In H1 2025, UAC-0218 ran a phishing campaign against Ukraine's defense forces, using booby-trapped RAR archives to deliver HOMESTEEL. The operation matters because it shows an active, targeted delivery chain aimed at military victims in an ongoing wartime cyber environment.

Related Happenings

Ghostwriter geofenced PDF spear-phishing campaign targeting Ukrainian government entities

Campaign
First: 14.05.2026 17:00 Last: 14.05.2026 17:00 Sources 1

About this happening: The **Ghostwriter / FrostyNeighbor** group is running a **geofenced spear-phishing campaign** against **government entities in Ukraine**, and the operation matters because it deli...

Open Happening

TA416 European government espionage campaign

Campaign
First: 01.04.2026 15:05 Last: 01.04.2026 15:05 Sources 1

About this happening: TA416 has resumed **cyber espionage** activity, targeting **European governments** and **EU/NATO diplomatic missions** with a renewed malware-delivery operation that raises cross-...

Latest development: 03.04.2026 20:34

TA416 expanded its espionage campaign to Middle Eastern government and diplomatic entities after the outbreak of the U.S.-Israel-Iran conflict in late February 2026, while linking to archives hosted on Google Drive or a compromised SharePoint instance to refine its PlugX delivery chain and collect regional intelligence.

Open Happening

Iranian MOIS Telegram malware campaign targeting opposition groups

Campaign
First: 23.03.2026 11:45 Last: 23.03.2026 11:45 Sources 1

About this happening: The **FBI** warned that **Iranian MOIS-linked hackers** are using **Telegram C2** and **social engineering** to deliver **Windows malware** against journalists, dissidents, and ot...

Open Happening

APT28 long-term espionage campaign targeting Ukrainian military personnel

Campaign
First: 10.03.2026 12:55 Last: 10.03.2026 12:55 Sources 1

About this happening: A **sustained APT28 espionage campaign** is using **BEARDSHELL** and **COVENANT** to surveil **Ukrainian military personnel**, extending access through **cloud-based C2** and incr...

Open Happening

UAC-0050 spear-phishing campaign targeting European financial institutions

Campaign
First: 24.02.2026 16:21 Last: 24.02.2026 16:21 Sources 1

About this happening: The **UAC-0050** spear-phishing operation targeted a **European financial institution**, raising concern that the actor is extending its reach beyond **Ukraine** into **Western Eu...

Open Happening

Timeline

  1. 09.10.2025 12:10 2 articles · 7mo ago

    UAC-0218 phishing campaign targeting Ukraine defense forces

    Initial Disclosure

    During **H1 2025**, **UAC-0218** began phishing waves that used **RAR archive lures** to deliver **HOMESTEEL** to **defense forces in Ukraine**.

    Show sources
    Open in new tab