Find notable cyber news and cases, enriched with sources, timelines, and signals.

Tomiris 2025 government-targeting campaign

Campaign
First reported
Last updated
Happening score
H score 32
1 unique sources, 1 articles

Summary

Hide ▲

The Tomiris 2025 campaign is using phishing and public-service C2 to target foreign ministries, intergovernmental organizations, and government entities, increasing the risk of stealthy long-term access across Russia and Central Asia.

Related Happenings

Gamaredon Ukraine spear-phishing campaign across government and military targets

Campaign
H score39 First: 29.06.2026 14:40 Last: 29.06.2026 14:40 Sources 1

About this happening: The **Gamaredon** campaign expanded across **Ukraine** in **2025**, hitting **governmental and military institutions** with **35 spear-phishing campaigns** and raising the risk of...

StegoAd malicious Edge extension operation

Malware Activity
H score19 First: 29.06.2026 11:32 Last: 29.06.2026 11:32 Sources 1

About this happening: The **StegoAd** operation was removed from the **Edge Add-ons store** after hiding payloads in images and fonts, stealing credentials, and driving **ad fraud** across installs tha...

StrikeShark SharkLoader and Cobalt Strike Beacon campaign

Campaign
H score42 First: 26.06.2026 21:17 Last: 26.06.2026 21:17 Sources 1

About this happening: The **StrikeShark** campaign is deploying **SharkLoader** to load **Cobalt Strike Beacon** on compromised hosts, raising the risk of broader follow-on intrusion activity. It has t...

Turla STOCKSTAY phishing campaign targeting Ukraine and Europe

Campaign
H score37 First: 26.06.2026 10:15 Last: 26.06.2026 10:15 Sources 1

About this happening: Turla's **STOCKSTAY** phishing campaign is targeting **government and military organizations in Ukraine** and selected **European entities**, extending a recurring espionage opera...

Gamaredon WinRAR malware chain using GammaPhish, GammaLoad, GammaWorm, and GammaSteel

Malware Activity
H score49 First: 02.06.2026 21:21 Last: 02.06.2026 21:21 Sources 1

About this happening: **Gamaredon** is a **Russian APT** that expanded its **2025** activity against **Ukraine** with **35 spear-phishing campaigns** aimed at **government and military institutions**....

Latest development: 09.06.2026 15:26

Trend Micro attributes ongoing exploitation of WinRAR CVE-2025-8088 against Ukrainian organizations to Earth Dahu (Gamaredon) and SHADOW-EARTH-066 (UAC-0226). The campaigns use crafted RAR archives with hidden ADS payloads, a decoy PDF, a Startup-folder LNK, and a PowerShell chain via cmd.exe to launch GIFTEDCROOK (result.dll), while Earth Dahu's HTA-to-VBScript chain delivers GammaPhish, GammaLoad, and GammaSteel. The exfiltration path also shifts from Telegram to dedicated C2 servers, and Earth Dahu's use of the flaw is assessed to have remained active through at least April 10, 2026.

Timeline

  1. 01.12.2025 07:07 2 articles · 7mo ago

    Tomiris 2025 government-targeting campaign

    Initial Disclosure

    The operation begins with **spear-phishing emails** carrying **password-protected RAR files**. Those archives deliver a disguised payload that starts the infection chain and prepares the host for follow-on tooling.

    Show sources