WRECKSTEEL AI-assisted data-stealing malware used against Ukrainian government and critical infrastructure targets
Malware Activity
Summary
The WRECKSTEEL malware was used in attacks against Ukrainian state administration bodies and critical infrastructure facilities, indicating an active data-stealing malware operation with high-value targeting. Analysts also found signs that the malware sample was developed using AI tools. The case shows AI being applied to offensive tooling, not just phishing content.
Related Happenings
AI-built ransomware toolkit with AD discovery and EDR evasion
Malware Activity
H score: 36
First: 02.06.2026 23:01
Last: 02.06.2026 23:01
Sources 1
About this happening:
A **customer-detected** AI-built ransomware toolkit is automating **Active Directory discovery** and **EDR evasion**, increasing the chance that payloads slip past security contro...
GREYVIBE's Kremlin-aligned role in the Russian cybercrime ecosystem
Threat Actor Meta
H score: 15
First: 29.05.2026 14:31
Last: 29.05.2026 14:31
Sources 1
About this happening:
A newly characterized **GREYVIBE** actor sits in a **grey zone** between **Kremlin-aligned intelligence work** and the **Russian cybercrime ecosystem**, complicating attribution f...
Dragon Boss Solutions LLC adware malicious update
Malware Activity
H score: 23
First: 16.04.2026 22:07
Last: 16.04.2026 22:07
Sources 1
About this happening:
A **March 22, 2025** malicious update turned **Dragon Boss Solutions LLC** adware into an **AV-disabling** payload, exposing nearly **24,000 systems** to follow-on abuse. The upda...
Active c-ares DLL sideloading malware campaign targeting finance and supply chain staff
Campaign
H score: 48
First: 14.01.2026 16:18
Last: 14.01.2026 16:18
Sources 1
About this happening:
An active **campaign** tied to **TA584** uses **Tsundere Bot** alongside **XWorm** to gain network access that could lead to **ransomware**. **Proofpoint** says the operation, tra...
Darcula 3.0 phishing-as-a-service ecosystem adds AI automation and anti-detection at scale
Threat Actor Meta
H score: 21
First: 25.11.2025 18:00
Last: 25.11.2025 18:00
Sources 1
About this happening:
**Darcula 3.0** has added **anti-detection features**, an enhanced admin panel, a card-cloning tool, and **AI-driven automation**, making phishing-page creation faster and easier...
Timeline
09.10.2025 12:10 2 articles · 8mo ago
SSSCIP discloses AI-assisted WRECKSTEEL activity against Ukrainian targets
Initial Disclosure
Ukraine's SSSCIP said Russian hackers escalated AI-assisted operations in H1 2025, including phishing generation and malware samples with signs of AI-assisted development, and highlighted UAC-0219's WRECKSTEEL use against Ukrainian state administration bodies and critical infrastructure facilities.
- From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine — thehackernews.com — 09.10.2025 12:10
- From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine — thehackernews.com — 09.10.2025 12:10