Find notable cyber news and cases, enriched with sources, timelines, and signals.

InedibleOchotense ESET-impersonation phishing campaign with trojanized installers

Campaign
First reported
Last updated
Happening score
H score 32
1 unique sources, 1 articles

Summary

Hide ▲

A Russia-aligned campaign by InedibleOchotense sent ESET-branded spear-phishing lures to multiple Ukrainian entities, creating a malware-delivery risk. The operation used email and Signal messages to push links to a trojanized ESET installer. It exploited ESET's brand reputation and the company's widespread use in Ukraine to increase the chance of successful installs.

Related Happenings

ESET analysis of SprySOCKS Windows variants adds IOC-backed detection guidance

Technical Analysis
H score34 First: 16.06.2026 12:00 Last: 16.06.2026 12:00 Sources 1

About this happening: **ESET** identified previously undocumented **Windows variants** of **SprySOCKS**, a backdoor attributed to **FishMonger** and linked to **I-Soon**. The **WIN_DRV** and **WIN_PLUS...

Gamaredon WinRAR malware chain using GammaPhish, GammaLoad, GammaWorm, and GammaSteel

Malware Activity
H score49 First: 02.06.2026 21:21 Last: 02.06.2026 21:21 Sources 1

About this happening: **Gamaredon** is a **Russian APT** that expanded its **2025** activity against **Ukraine** with **35 spear-phishing campaigns** aimed at **government and military institutions**....

Latest development: 09.06.2026 15:26

Trend Micro attributes ongoing exploitation of WinRAR CVE-2025-8088 against Ukrainian organizations to Earth Dahu (Gamaredon) and SHADOW-EARTH-066 (UAC-0226). The campaigns use crafted RAR archives with hidden ADS payloads, a decoy PDF, a Startup-folder LNK, and a PowerShell chain via cmd.exe to launch GIFTEDCROOK (result.dll), while Earth Dahu's HTA-to-VBScript chain delivers GammaPhish, GammaLoad, and GammaSteel. The exfiltration path also shifts from Telegram to dedicated C2 servers, and Earth Dahu's use of the flaw is assessed to have remained active through at least April 10, 2026.

Webworm expanded European government and South Africa university espionage campaign

Campaign
H score24 First: 20.05.2026 14:30 Last: 20.05.2026 14:30 Sources 1

About this happening: Webworm expanded its **2025 espionage campaign** into **European government organizations** and a **university in South Africa**, widening the cross-region targeting risk. The ope...

Dragon Boss Solutions LLC adware malicious update

Malware Activity
H score26 First: 16.04.2026 22:07 Last: 16.04.2026 22:07 Sources 1

About this happening: A **March 22, 2025** malicious update turned **Dragon Boss Solutions LLC** adware into an **AV-disabling** payload, exposing nearly **24,000 systems** to follow-on abuse. The upda...

RomCom SocGholish delivery chain for Mythic Agent

Malware Activity
H score24 First: 26.11.2025 10:28 Last: 26.11.2025 10:28 Sources 1

About this happening: The **RomCom** malware family was newly observed being delivered through **SocGholish/FakeUpdates**, adding a fresh infection path that can push multiple payloads and increase pos...

Timeline

  1. 06.11.2025 17:31 2 articles · 8mo ago

    InedibleOchotense ESET-impersonation phishing campaign with trojanized installers

    Initial Disclosure

    In **May 2025**, InedibleOchotense began sending **ESET impersonation** lures by **email** and **Signal** to Ukrainian entities. The initial lure pointed to a **trojanized installer** intended to trigger malware execution and follow-on access.

    Show sources