Ukraine's Defense Forces charity-themed PluggyApe campaign
Campaign
Summary
Hide ▲
Show ▼
Ukraine's Defense Forces were targeted in a charity-themed campaign that delivered the PluggyApe backdoor, creating a focused October to December 2025 operation against a defense-sector cohort. The activity matters because the operators used Signal or WhatsApp, deceptive charity portals, and malware delivery tactics to increase the chance of successful compromise.
Related Happenings
NSO Group WhatsApp spear-phishing campaign
Campaign
H score37
First: 08.06.2026 20:08
Last: 08.06.2026 20:08
Sources 1
About this happening:
**NSO Group** remains tied to a **WhatsApp** spear-phishing **campaign** that used **malicious links** to push targets to external websites outside the app. On **June 8**, WhatsAp...
NSO Group WhatsApp spear-phishing campaign
CampaignAbout this happening: **NSO Group** remains tied to a **WhatsApp** spear-phishing **campaign** that used **malicious links** to push targets to external websites outside the app. On **June 8**, WhatsAp...
NCSC alert on messaging-app targeting of high-risk individuals
Public Sector Action
H score30
First: 02.04.2026 17:15
Last: 02.04.2026 17:15
Sources 1
About this happening:
The **UK National Cyber Security Centre (NCSC)** issued a **March 31 alert** warning that **Russia-based actors** were targeting **high-risk individuals** through messaging apps,...
NCSC alert on messaging-app targeting of high-risk individuals
Public Sector ActionAbout this happening: The **UK National Cyber Security Centre (NCSC)** issued a **March 31 alert** warning that **Russia-based actors** were targeting **high-risk individuals** through messaging apps,...
CrystalRAT Telegram-promoted malware-as-a-service
Malware Activity
H score28
First: 02.04.2026 02:17
Last: 02.04.2026 02:17
Sources 1
About this happening:
The **CrystalRAT** malware-as-a-service is being promoted on **Telegram** and **YouTube** with **remote access**, **data theft**, **keylogging**, and **clipboard hijacking**, incr...
CrystalRAT Telegram-promoted malware-as-a-service
Malware ActivityAbout this happening: The **CrystalRAT** malware-as-a-service is being promoted on **Telegram** and **YouTube** with **remote access**, **data theft**, **keylogging**, and **clipboard hijacking**, incr...
Signal and WhatsApp anti-phishing account-hardening guidance
Defensive Guidance
H score26
First: 21.03.2026 15:17
Last: 21.03.2026 15:17
Sources 1
About this happening:
A **UK National Cyber Security Centre (NCSC)** alert on **March 31** warned that **Russia-based actors** are increasing **targeted attacks** against **high-risk individuals** usin...
Signal and WhatsApp anti-phishing account-hardening guidance
Defensive GuidanceAbout this happening: A **UK National Cyber Security Centre (NCSC)** alert on **March 31** warned that **Russia-based actors** are increasing **targeted attacks** against **high-risk individuals** usin...
SORVEPOTEL WhatsApp malware campaign spreads across Brazil
Campaign
H score31
First: 12.03.2026 19:31
Last: 12.03.2026 19:31
Sources 1
About this happening:
A **WhatsApp** malware campaign in **Brazil** is spreading **SORVEPOTEL**, a **self-propagating Windows malware** that uses **phishing ZIP attachments** and a desktop-only lure to...
SORVEPOTEL WhatsApp malware campaign spreads across Brazil
CampaignAbout this happening: A **WhatsApp** malware campaign in **Brazil** is spreading **SORVEPOTEL**, a **self-propagating Windows malware** that uses **phishing ZIP attachments** and a desktop-only lure to...
Timeline
-
14.01.2026 07:48 1 articles · 5mo ago
CERT-UA attributes PLUGGYAPE attacks on Ukrainian defense forces to Void Blizzard
Attribution UpdateCERT-UA attributed PLUGGYAPE attacks on Ukrainian defense forces to Void Blizzard with medium confidence, saying the operators used Signal and WhatsApp charity lures, password-protected archives, and a PyInstaller-built executable that deployed a Python backdoor communicating over WebSocket or MQTT.
Show sources
- PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces — thehackernews.com — 14.01.2026 07:48
-
14.01.2026 01:03 1 articles · 5mo ago
Ukraine's Defense Forces charity-themed PluggyApe campaign
Initial DisclosureThe campaign began with **Signal or WhatsApp** messages that pointed targets to a charity-themed website and a password-protected archive. Early delivery used disguised files such as **.docx.pif** and later **PluggyApe** loaders to place the backdoor on targeted systems.
Show sources
- Ukraine's army targeted in new charity-themed malware campaign — www.bleepingcomputer.com — 14.01.2026 01:03