WRECKSTEEL AI-assisted data-stealing malware used against Ukrainian government and critical infrastructure targets
Malware Activity
Summary
The WRECKSTEEL malware was used in attacks against Ukrainian state administration bodies and critical infrastructure facilities, indicating an active data-stealing malware operation with high-value targeting. Analysts also found signs that the malware sample was developed using AI tools. The case shows AI being applied to offensive tooling, not just phishing content.
Related Happenings
Dragon Boss Solutions LLC adware malicious update
Malware Activity
First: 16.04.2026 22:07
Last: 16.04.2026 22:07
Sources 1
About this happening:
A **March 22, 2025** malicious update turned **Dragon Boss Solutions LLC** adware into an **AV-disabling** payload, exposing nearly **24,000 systems** to follow-on abuse. The upda...
Active c-ares DLL sideloading malware campaign targeting finance and supply chain staff
Campaign
First: 14.01.2026 16:18
Last: 14.01.2026 16:18
Sources 1
About this happening:
An active **campaign** tied to **TA584** uses **Tsundere Bot** alongside **XWorm** to gain network access that could lead to **ransomware**. **Proofpoint** says the operation, tra...
Darcula 3.0 phishing-as-a-service ecosystem adds AI automation and anti-detection at scale
Threat Actor Meta
First: 25.11.2025 18:00
Last: 25.11.2025 18:00
Sources 1
About this happening:
**Darcula 3.0** has added **anti-detection features**, an enhanced admin panel, a card-cloning tool, and **AI-driven automation**, making phishing-page creation faster and easier...
XWorm cracked-version phishing campaign
Campaign
First: 06.10.2025 14:42
Last: 06.10.2025 14:42
Sources 1
About this happening:
An **XWorm** phishing distribution campaign is spreading **cracked versions** and lure-based infections at scale, with **18,459 infections** across multiple countries. The operatio...
FoalShell and StallionRAT RAR-delivery activity
Malware Activity
First: 03.10.2025 13:30
Last: 03.10.2025 13:30
Sources 1
About this happening:
A phishing-delivered malware operation is spreading **FoalShell** and **StallionRAT**, enabling **remote command execution** and **data exfiltration** on compromised hosts. The ac...
Timeline
- 09.10.2025 12:10 · 2 articles
SSSCIP discloses AI-assisted WRECKSTEEL activity against Ukrainian targets
Initial Disclosure: Ukraine's SSSCIP said Russian hackers escalated AI-assisted operations in H1 2025, including phishing generation and malware samples with signs of AI-assisted development, and highlighted UAC-0219's WRECKSTEEL use against Ukrainian state administration bodies and critical infrastructure facilities.
Sources:
- From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine — thehackernews.com — 09.10.2025 12:10
- From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine — thehackernews.com — 09.10.2025 12:10